thehackernews.com Open in urlscan Pro
104.26.0.97 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
Submission: On October 01 via manual (October 1st 2021, 2:15:17 pm UTC) from IN — Scanned from DE

Summary HTTP 141 Redirects Links 39 Behaviour Indicators

Summary

This website contacted 27 IPs in 6 countries across 25 domains to perform 141 HTTP transactions. The main IP is 104.26.0.97, located in United States and belongs to CLOUDFLARENET, US. The main domain is thehackernews.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 1st 2021. Valid for: a year.

This is the only time thehackernews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	104.26.0.97 104.26.0.97	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	184.30.25.225 184.30.25.225	16625 (AKAMAI-AS) (AKAMAI-AS)
14	213.254.244.12 213.254.244.12	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
6	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
18	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
4	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2	13.225.87.78 13.225.87.78	16509 (AMAZON-02) (AMAZON-02)
15	142.250.186.129 142.250.186.129	15169 (GOOGLE) (GOOGLE)
2	142.250.185.134 142.250.185.134	15169 (GOOGLE) (GOOGLE)
2	18.192.155.173 18.192.155.173	16509 (AMAZON-02) (AMAZON-02)
1 3	52.19.186.105 52.19.186.105	16509 (AMAZON-02) (AMAZON-02)
1	104.16.19.94 104.16.19.94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.110 142.250.185.110	15169 (GOOGLE) (GOOGLE)
9	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	66.102.1.154 66.102.1.154	15169 (GOOGLE) (GOOGLE)
2 4	142.250.186.36 142.250.186.36	15169 (GOOGLE) (GOOGLE)
1	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
2	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
10	13.224.193.52 13.224.193.52	16509 (AMAZON-02) (AMAZON-02)
2	142.250.186.170 142.250.186.170	15169 (GOOGLE) (GOOGLE)
3	142.250.181.227 142.250.181.227	15169 (GOOGLE) (GOOGLE)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
11	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
3 3	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3 3	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	3.9.111.142 3.9.111.142	16509 (AMAZON-02) (AMAZON-02)
2	3.115.67.144 3.115.67.144	16509 (AMAZON-02) (AMAZON-02)
1	91.228.74.133 91.228.74.133	16509 (AMAZON-02) (AMAZON-02)
1 1	52.18.11.109 52.18.11.109	16509 (AMAZON-02) (AMAZON-02)
2 2	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
141	27

14 104.26.0.97 (United States)

ASN13335 (CLOUDFLARENET, US)

thehackernews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 184.30.25.225 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-25-225.deploy.static.akamaitechnologies.com

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn3.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 213.254.244.12 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20511.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20520.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20238.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20244.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.87.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-78.fra2.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 142.250.186.129 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.192.155.173 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-155-173.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.19.186.105 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-186-105.eu-west-1.compute.amazonaws.com

att.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.19.94 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.110 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.102.1.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wb-in-f154.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.36 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 13.224.193.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-52.fra2.r.cloudfront.net

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.170 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.181.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.253.211 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.115 (United Kingdom) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.139 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.9.111.142 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-9-111-142.eu-west-2.compute.amazonaws.com

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.115.67.144 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-115-67-144.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.133 (United Kingdom)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.11.109 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-11-109.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.191 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	392 KB
27	doubleclick.net ad.doubleclick.net googleads4.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	116 KB
25	doubleverify.com cdn.doubleverify.com cdn3.doubleverify.com rtb0.doubleverify.com tps20511.doubleverify.com tps20520.doubleverify.com tps.doubleverify.com tps20238.doubleverify.com tps20244.doubleverify.com	229 KB
14	thehackernews.com thehackernews.com	278 KB
10	trustarc.com choices.trustarc.com	33 KB
6	google.com 2 redirects www.google.com adservice.google.com	2 KB
6	googletagservices.com www.googletagservices.com	158 KB
3	pubmatic.com 3 redirects image6.pubmatic.com	2 KB
3	openx.net 3 redirects rtb.openx.net	990 B
3	gstatic.com www.gstatic.com	12 KB
3	demdex.net 1 redirects att.demdex.net	3 KB
2	addthis.com 2 redirects e.dlx.addthis.com	1 KB
2	adingo.jp cc.adingo.jp	87 B
2	rubiconproject.com 2 redirects pixel.rubiconproject.com	915 B
2	rlcdn.com 2 redirects id.rlcdn.com	882 B
2	googleapis.com fonts.googleapis.com	2 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	agkn.com d.agkn.com	1 KB
2	2mdn.net s0.2mdn.net	192 KB
2	truste.com choices.truste.com	18 KB
1	everesttech.net 1 redirects pixel.everesttech.net	376 B
1	quantserve.com cms.quantserve.com	463 B
1	innovid.com ag.innovid.com	296 B
1	googleadservices.com partner.googleadservices.com	664 B
1	cloudflare.com cdnjs.cloudflare.com	28 KB
141	25

	Domain	Requested by
18	pagead2.googlesyndication.com	ad.doubleclick.net tpc.googlesyndication.com thehackernews.com pagead2.googlesyndication.com www.googletagservices.com googleads.g.doubleclick.net
15	tpc.googlesyndication.com	ad.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net
14	thehackernews.com	thehackernews.com
11	cm.g.doubleclick.net	googleads.g.doubleclick.net
10	choices.trustarc.com	choices.truste.com choices.trustarc.com
9	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
9	cdn.doubleverify.com	thehackernews.com cdn.doubleverify.com ad.doubleclick.net
6	www.googletagservices.com	cdn.doubleverify.com www.googletagservices.com ad.doubleclick.net pagead2.googlesyndication.com googleads.g.doubleclick.net
4	www.google.com	2 redirects tpc.googlesyndication.com
4	googleads4.g.doubleclick.net	ad.doubleclick.net
3	image6.pubmatic.com	3 redirects
3	rtb.openx.net	3 redirects
3	www.gstatic.com	googleads.g.doubleclick.net
3	tps20520.doubleverify.com	cdn.doubleverify.com
3	att.demdex.net	1 redirects thehackernews.com
3	tps20511.doubleverify.com	cdn.doubleverify.com
2	e.dlx.addthis.com	2 redirects
2	cc.adingo.jp	googleads.g.doubleclick.net
2	pixel.rubiconproject.com	2 redirects
2	id.rlcdn.com	2 redirects
2	tps20244.doubleverify.com	cdn.doubleverify.com
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	tps20238.doubleverify.com	cdn.doubleverify.com
2	adservice.google.com	pagead2.googlesyndication.com
2	www.google-analytics.com	thehackernews.com www.google-analytics.com
2	tps.doubleverify.com	cdn.doubleverify.com
2	d.agkn.com	thehackernews.com
2	s0.2mdn.net	thehackernews.com
2	choices.truste.com	ad.doubleclick.net
2	ad.doubleclick.net	www.googletagservices.com
2	rtb0.doubleverify.com	cdn.doubleverify.com
2	cdn3.doubleverify.com	cdn.doubleverify.com
1	pixel.everesttech.net	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	ag.innovid.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	cdnjs.cloudflare.com	thehackernews.com
141	38

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feeds.feedburner.com
deals.thehackernews.com
thehackernews.tradepub.com
www.instagram.com
t.me
go.thn.li
www.cheatengine.org
securelist.com
docs.microsoft.com
hubs.la
www.recordedfuture.com
therecord.media
www.reddit.com
news.ycombinator.com
api.whatsapp.com
telegram.me
adclick.g.doubleclick.net

Subject Issuer	Validity	Valid
thehackernews.com Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
*.doubleverify.com DigiCert SHA2 Secure Server CA	`2021-01-10` - `2022-01-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.truste.com Amazon	`2021-02-16` - `2022-03-17`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
*.adingo.jp DigiCert TLS RSA SHA256 2020 CA1	`2021-03-26` - `2022-04-14`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh

This page contains 23 frames:

Primary Page: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
Frame ID: 01FA3D923CD3D7CAF284CB067D487EE8
Requests: 74 HTTP requests in this frame

Frame: https://cdn3.doubleverify.com/bst2tv3.html
Frame ID: 0DF8F2D9388A16C15A97DA60B80F1C6B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-match6.js
Frame ID: 23F4342FEC58B4E17F7D88A72EE8DE5D
Requests: 1 HTTP requests in this frame

Frame: https://cdn3.doubleverify.com/bst2tv3.html
Frame ID: 4DA3AE3067E02247E07887E41D672336
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-match6.js
Frame ID: C75C538C33D825F322AEAFF3D4B696FE
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1782.js
Frame ID: 01191A8019917FE88EF6E8C6EEC304C8
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E3A4D33707037028109BC77282A17FF8
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6546A7453CEFAE4B32C84A265DC10CDD
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1782.js
Frame ID: 1091C9835A6A7B58975EC0966C1406DF
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20190131/zrt_lookup.html
Frame ID: 9D6756C6500D87C76ED99BB88D0F51DB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=2569898456&adf=3546401298&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1633096617&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&flash=0&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633097710700&bpp=6&bdt=1111&idt=187&shv=r20210928&mjsv=m202109240101&ptt=9&saldr=aa&abxe=1&correlator=4029967940569&frm=20&pv=2&ga_vid=1471407265.1633097711&ga_sid=1633097711&ga_hid=1063940948&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062937&oid=3&pvsid=2937400135280403&pem=572&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=sgckFGKcwP&p=https%3A//thehackernews.com&dtd=236
Frame ID: F1BEF8EDD888AE8593637BB9D4E927D6
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&adk=1812271804&adf=3025194257&lmt=1633096617&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633097710721&bpp=2&bdt=1132&idt=274&shv=r20210928&mjsv=m202109240101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&nras=1&correlator=4029967940569&frm=20&pv=1&ga_vid=1471407265.1633097711&ga_sid=1633097711&ga_hid=1063940948&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062937&oid=3&pvsid=2937400135280403&pem=572&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=301
Frame ID: 8C4E64002D055A8047229822819C756D
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: BCFBC439BC0247E843E59C0C9D61A63E
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BCBCC1B017D61BEAB4D2000E4E0E86C3
Requests: 2 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Frame ID: 0FFA7A02209D1FE3F070A3BED7957067
Requests: 2 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Frame ID: C154EF64C058A23ECEFB0261AAE9D65B
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1
Frame ID: AA420E49070DC8932685434E72AA5FF3
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: B39AA37112E5AEBDE6B4FCFB378ABDDE
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 962C725EB07464BAE6780F24A9390838
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/LftQ-87gh8ukbv8P1dh67h7Vjfro8G7aRn_R6x3uKA4.js
Frame ID: 2F2269696A3673D13829334D311E2F22
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: B6C2AD73790434F972B022D7B835AD1F
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 4C73934331F726B6C7153A507B4D1C29
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 14637491972DBCA080608CF60D44E891
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users

Detected technologies

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

141
Requests

99 %
HTTPS

0 %
IPv6

25
Domains

38
Subdomains

27
IPs

6
Countries

1492 kB
Transfer

3758 kB
Size

31
Cookies

39 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/thehackernews
Title: 

Search URL Search Domain Scan URL

URL: https://twitter.com/thehackersnews
Title: 

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/thehackernews/
Title: 

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/thehackernews?sub_confirmation=1
Title: 

Search URL Search Domain Scan URL

URL: https://feeds.feedburner.com/TheHackersNews
Title: 

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/
Title:  Offers

Search URL Search Domain Scan URL

URL: https://thehackernews.tradepub.com/
Title: Free eBooks

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/free
Title: Freebies

Search URL Search Domain Scan URL

URL: https://www.instagram.com/thehackernews/
Title: 

Search URL Search Domain Scan URL

URL: https://t.me/joinchat/AAAAADwuDObFWF60CiR-HQ
Title:  Telegram Channel

Search URL Search Domain Scan URL

URL: https://go.thn.li/crowdsec-728

Search URL Search Domain Scan URL

URL: https://go.thn.li/rewind-1

Search URL Search Domain Scan URL

URL: https://www.cheatengine.org/
Title: Cheat Engine

Search URL Search Domain Scan URL

URL: https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/
Title: said

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page
Title: WMI

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
Title: PsExec

Search URL Search Domain Scan URL

URL: https://hubs.la/H0XCGyv0

Search URL Search Domain Scan URL

URL: https://www.recordedfuture.com/china-linked-tag-28-targets-indias-the-times-group/
Title: discovered

Search URL Search Domain Scan URL

URL: https://therecord.media/suspected-chinese-state-linked-threat-actors-infiltrated-major-afghan-telecom-provider/
Title: unearthed

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html
Title: 

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&text=Chinese%20Hackers%20Used%20a%20New%20Rootkit%20to%20Spy%20on%20Targeted%20Windows%2010%20Users&via=TheHackersNews
Title: 

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html
Title: 

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html
Title: Share on Reddit

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/submitlink?u=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&t=Chinese%20Hackers%20Used%20a%20New%20Rootkit%20to%20Spy%20on%20Targeted%20Windows%2010%20Users
Title: Share on Hacker News

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=Chinese%20Hackers%20Used%20a%20New%20Rootkit%20to%20Spy%20on%20Targeted%20Windows%2010%20Users%20%E2%80%94%20https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html
Title: Share on WhatsApp

Search URL Search Domain Scan URL

URL: https://telegram.me/share/url?url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&text=Chinese%20Hackers%20Used%20a%20New%20Rootkit%20to%20Spy%20on%20Targeted%20Windows%2010%20Users
Title: Share on Telegram

Search URL Search Domain Scan URL

URL: https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsuBXOwgdq-XBkDswmHFqwZlsVBlNC-pFO4sv0pJ_eEHX5dZf_vXWabbePs6hPzGwPa98BVNHM-N2iCvBRlrHtjl3maW-8Ob24WQNdqBKA3UWduImBdowQEw83IdJSeePdd-Eg&sig=Cg0ArKJSzJ3T3ASeUZz0&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=https://d.agkn.com/pixel/2389/%3Fche%3D4099210527%26col%3D24935727,5936378,292494536,486197547,144332637%26l0%3Dhttp://att.demdex.net/event%3Fd_event%3Dclick%26d_src%3D127123%26d_adsrc%3D6141273%26d_campaign%3D24935727%26d_placement%3D292494536%26d_site%3D5936378%26d_creative%3D144332637%26d_adgroup%3D486197547%26d_rd%3Dhttps://cybersecurity.att.com/resource-center/white-papers/cybersecurity-insights-report-tenth-edition%253Futm_medium%253DAdvertising%2526utm_source%253Dthn%2526utm_campaign%253DSOC-eBook%2526source%253DEBBrHNAVT00AvtDyO%2526type%253Ddisplay%2526LNS%253DTP_OT_MLT_DSP_0720%2526gcm_uid%253D0%2526dclid%253D%2525edclid!

Search URL Search Domain Scan URL

URL: https://go.thn.li/sec-code-1

Search URL Search Domain Scan URL

URL: https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsvgleIkRmOqFce8snlmoHJviCZrHirlv-FtlYLhZyA2j8V9HYEooh3IxdRwpaU7a4E7yp5tps1vmyS9povS6w_CrDMrcvMqOQ4WpSfyRjmxpsOH7Sv_SbcSB_OV3sWdT1_VlJc1XGk5lOYZZmEARdDrhqhZ8g5z-OUeGmtBfmxV4pdVCXRDdEgnvB1Wr7hr5go71TgboRR-TGb_&sig=Cg0ArKJSzD8ZpgWd7KID&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=https://d.agkn.com/pixel/2389/%3Fche%3D3479980165%26col%3D24935727,5936378,292495514,485910716,143061732%26l0%3Dhttp://att.demdex.net/event%3Fd_event%3Dclick%26d_src%3D127123%26d_adsrc%3D6141273%26d_campaign%3D24935727%26d_placement%3D292495514%26d_site%3D5936378%26d_creative%3D143061732%26d_adgroup%3D485910716%26d_rd%3Dhttps://cybersecurity.att.com/resource-center/ebook/how-to-build-a-security-operations-center%253Futm_medium%253DAdvertising%2526utm_source%253Dthn%2526utm_campaign%253DSOC-eBook%2526source%253DEBBrHNAVT00AvtDyO%2526type%253Ddisplay%2526LNS%253DTP_OT_MLT_DSP_0720%2526gcm_uid%253DAMsySZZDNVVJoX6SMSQeK-ojCQa9%2526dclid%253D%2525edclid!

Search URL Search Domain Scan URL

URL: https://go.thn.li/native-1
Title: Reduce Recurring VulnerabilitiesWatch the video to find out how Alice the AppSec Manager turned her consistent bad days around with help from Secure Code Warrior.

Search URL Search Domain Scan URL

URL: https://go.thn.li/scw-native-1
Title: Compete. Win prizes. Become the ultimate Warrior.Join the Devlympics 2021 and compete internationally to be crowned the Ultimate Secure Code Warrior and win big.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/the-2019-ethical-hacker-masterclass-bundle
Title: <img alt='Learn Ethical Hacking Online' class='deal-link' src='https://thehackernews.com/images/-6bFLF28Wvxc/XHaUg588fBI/AAAAAAAAAGU/USPKfrcXaLgzaOBfKGb92v-0T12CIaK9wCLcBGAs/s260-e100/learn-hacking-training.jpg'/> Ethical Hacking - Practical Training 10 courses + 1,236 lessons on latest techniques, forensics, malware analysis, network security and programming.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/lifetime-access-to-stackskills-unlimited
Title: <img alt='Unlimited Secure VPN Service' class='deal-link' src='https://thehackernews.com/images/-NnUk1eJVmVk/XHggwOYT51I/AAAAAAAAzbg/_5sUNHfsdiYDo-si4rya7tVT4pSZI0qSACLcBGAs/s260-e100/unlimited-vpn.jpg'/> 1000+ Premium Online Courses With course certification, Q/A webinars and lifetime access.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/the-cybersecurity-expert-certification-training-bundle
Title: <img alt='Best Hacking Books' class='deal-link' src='https://thehackernews.com/images/-4fAuruXOrkE/XDW4dE5zVMI/AAAAAAAAy9A/K13EeHK67NM69FUaCYDYtunHofUHjtt4wCLcBGAs/s260-e100/hacking-cybersecurity-books.jpg'/> Cybersecurity Certification Training CISA, CISM, CISSP, PMI-RMP, and COBIT 5 certifications.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/the-complete-2020-comptia-certification-training-bundle
Title: <img alt='Cisco Certification Courses' class='deal-link' src='https://thehackernews.com/images/-2nVCe__qYkc/WxVG9s8C7CI/AAAAAAAAw6Q/fFsdOSE-DEYDqqf3z9KWus0oBWdbzAkAgCLcBGAs/s260-e100/cisco-it-networking-certification.png'/> CompTIA IT Certification Training Lifetime access to 14 expert-led courses.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/citizengoods-exclusives
Title: Exclusives

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/hacking
Title: Hacking

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/shop-by-specialization-developer
Title: Development

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/shop-by-interest-android
Title: Android

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://att.demdex.net/event?d_event=imp&d_src=127123&d_bu=1020274&d_creative=144332637&d_placement=292494536&d_campaign=24935727&d_site=5936378 HTTP 302
https://att.demdex.net/firstevent?d_event=imp&d_src=127123&d_bu=1020274&d_creative=144332637&d_placement=292494536&d_campaign=24935727&d_site=5936378

Request Chain 116

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLlZ1txHfutUNpIP9PGdKFjkAOK1RsVozfNxxO0XxyknNN3bkhqb8Mq1GdaEO2ci7geMTrArUGhEXwhRyXXvXaZgD9Q59Q&google_gid=CAESEHYJpI9mGO1cOnkiySsi9fE&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCPCv3IoGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMbFoxdHhIZnV0VU5wSVA5UEdkS0Zqa0FPSzFSc1ZvemZOeHhPMFh4eWtuTk4zYmtocWI4TXExR2RhRU8yY2k3Z2VNVHJBclVHaEVYd2hSeVhYdlhhWmdEOVE1OVE HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwME40SmNqWjNqR2lmRGdubzJnZ1duQThvWUE0RmZTZDZKdDdEWVZTaGNocw==&google_push

Request Chain 117

https://rtb.openx.net/sync/dds?google_gid=CAESEEKNggTdgtC2lcICUOiq8vA&google_cver=1&google_push=AYg5qPL2W9I9p6mDiCjk6WSOxFRJjd0yUH_uVPNa8FaA-n91J0e9I5Hd7kK4owhFsqDaVwtMGHd3KkUvIna2hI8LxxLK4tBFe1g HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEEKNggTdgtC2lcICUOiq8vA&google_cver=1&google_push=AYg5qPL2W9I9p6mDiCjk6WSOxFRJjd0yUH_uVPNa8FaA-n91J0e9I5Hd7kK4owhFsqDaVwtMGHd3KkUvIna2hI8LxxLK4tBFe1g&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPL2W9I9p6mDiCjk6WSOxFRJjd0yUH_uVPNa8FaA-n91J0e9I5Hd7kK4owhFsqDaVwtMGHd3KkUvIna2hI8LxxLK4tBFe1g&google_hm=3ca-YaWJzaIXN9YbYt_kdQ==

Request Chain 118

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEAYTMUiQkY5PVI3Q3PdAAo&google_cver=1&google_push=AYg5qPLmS5EJLEaUuQ59BdgYMir7VNm5PcpwPQjT18gandBl591SQ3xYLH-WoigGR8z8zQEFyy0PzYG8Z_YQylIsI6zAdwXm3nY HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEAYTMUiQkY5PVI3Q3PdAAo&google_cver=1&google_push=AYg5qPLmS5EJLEaUuQ59BdgYMir7VNm5PcpwPQjT18gandBl591SQ3xYLH-WoigGR8z8zQEFyy0PzYG8Z_YQylIsI6zAdwXm3nY&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Ws1LrD3lQEWPSU7GBzKo7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLmS5EJLEaUuQ59BdgYMir7VNm5PcpwPQjT18gandBl591SQ3xYLH-WoigGR8z8zQEFyy0PzYG8Z_YQylIsI6zAdwXm3nY

Request Chain 119

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEH6eIoYx2jpJqcuRTXaxdUs&google_cver=1&google_push=AYg5qPJ90zyxEyCKlKeGH4AhzCwAr829wdL213-5r_5cOpkNr-WB9eo_1bExC-_zKWQXjzVn5d_Al57Y8PfutokWhOEXR1Ij6w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1U4RzdOT1ItMUEtNE1MMQ==&google_push=AYg5qPJ90zyxEyCKlKeGH4AhzCwAr829wdL213-5r_5cOpkNr-WB9eo_1bExC-_zKWQXjzVn5d_Al57Y8PfutokWhOEXR1Ij6w

Request Chain 120

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c

Request Chain 124

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 136

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLlZq9JjU55iV1FjhMlzNylj4B1ZRMjoSz92arZieuFiblREOLopxTF3Tc9Fa6SlPsQFqbPFKdW2I-N0J9Gmdgk-lnqnTlZ&google_gid=CAESEKOuHXdkP4q5GlFVvnAAwVo&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVZjWDhBQUFCWXJ6aDJxag&google_push=AYg5qPLlZq9JjU55iV1FjhMlzNylj4B1ZRMjoSz92arZieuFiblREOLopxTF3Tc9Fa6SlPsQFqbPFKdW2I-N0J9Gmdgk-lnqnTlZ

Request Chain 137

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKAKFtKr06L93gO5ZMm8-UTUDt_Z3irJ6cvRyTwqdU2yhuQ4MUxOEzpCstdvzD-gXxhJQNaw1mXo-fe3s1g6F3vaWhI2EWy&google_gid=CAESELCDNzmpHTT4yseoyJ8tYog&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKAKFtKr06L93gO5ZMm8-UTUDt_Z3irJ6cvRyTwqdU2yhuQ4MUxOEzpCstdvzD-gXxhJQNaw1mXo-fe3s1g6F3vaWhI2EWy&google_gid=CAESELCDNzmpHTT4yseoyJ8tYog&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMDExNDE1MTMwMDAxNjE5NzE3OTU4MQ%3D%3D&google_push=AYg5qPKAKFtKr06L93gO5ZMm8-UTUDt_Z3irJ6cvRyTwqdU2yhuQ4MUxOEzpCstdvzD-gXxhJQNaw1mXo-fe3s1g6F3vaWhI2EWy

Request Chain 138

https://rtb.openx.net/sync/dds?google_gid=CAESEEKNggTdgtC2lcICUOiq8vA&google_cver=1&google_push=AYg5qPLky-izvD0NJ2f1QR5F4p4rL4IFYgqbQsLHcQ6Ra-h80WnGahJqvcl2meTURudaNtc8CnqapXjO0yYPDnbDL5BJOmNul-_p HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLky-izvD0NJ2f1QR5F4p4rL4IFYgqbQsLHcQ6Ra-h80WnGahJqvcl2meTURudaNtc8CnqapXjO0yYPDnbDL5BJOmNul-_p&google_hm=3ca-YaWJzaIXN9YbYt_kdQ==

Request Chain 139

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEAYTMUiQkY5PVI3Q3PdAAo&google_cver=1&google_push=AYg5qPImss3s_oyWNgpCtCllj2nn8o7MUaa4QLceGcxUdUGiH3D_pQbg9aVS204Mso8Rv8rJBazVDRmH9T-7D2waMR79RrV0o_uR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Ws1LrD3lQEWPSU7GBzKo7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPImss3s_oyWNgpCtCllj2nn8o7MUaa4QLceGcxUdUGiH3D_pQbg9aVS204Mso8Rv8rJBazVDRmH9T-7D2waMR79RrV0o_uR

Request Chain 140

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEH6eIoYx2jpJqcuRTXaxdUs&google_cver=1&google_push=AYg5qPLeD4CeXsfnxCCSDGYxSSSglcic47euXHU9xAqeryJ6MDjH2N3gVYirdKCALNDvzYH4hTEz3izF5H4b7FdIsv_4Aw0ivUY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1U4RzdOVVgtNi01RTQz&google_push=AYg5qPLeD4CeXsfnxCCSDGYxSSSglcic47euXHU9xAqeryJ6MDjH2N3gVYirdKCALNDvzYH4hTEz3izF5H4b7FdIsv_4Aw0ivUY

Request Chain 143

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

141 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request chinese-hackers-used-new-rootkit-to-spy.html Show response
thehackernews.com/2021/10/ 111 KB
41 KB 71ms
33ms Document
text/html 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordPress VIP

Resource Hash

030c41b2b0b75992f3c9ecdacffcdb0facd534c131c4dbe6d7180ddbdf5e8eed

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: thehackernews.com
:scheme: https
:path: /2021/10/chinese-hackers-used-new-rootkit-to-spy.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 01 Oct 2021 14:15:09 GMT
content-type: text/html; charset=UTF-8
cf-ray: 69764d2cbdaf27bc-PRG
age: 866
cache-control: public, s-maxage=604800, max-age=0
expires: Fri, 01 Oct 2021 14:00:42 GMT
last-modified: Fri, 01 Oct 2021 13:56:57 GMT
link: </css/roboto.css>; as=style; rel=preload
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
content-security-policy: upgrade-insecure-requests
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-forwarded-for: 216.131.114.186
x-frame-options: DENY
x-powered-by: WordPress VIP
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d7USHB6BPTgA3W7InwBzuvJjpnyf%2F73FGBR2F4DMs6UCaPUs%2BJcbWdWLkIfrtiwDT2DCLzlXQ81XYosRx3lGId5%2FJHy773nKfjz2zsuOLAr3c060%2FCL15s8OaDt%2FPS%2BxTAr6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-h2-pushed: </css/roboto.css>

GET
H2 200 roboto.css
thehackernews.com/css/ 77 KB
57 KB 10ms
0ms Stylesheet
text/css 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/css/roboto.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d8ab8467b889847c12c542bee765afc54acbaff1cc91ce3197ab4f2be8f08ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:09 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jopyxWDfDmEK%2F3hfhruXDfjthTIAbQk%2FoPrL4hBjy51p%2BfUpWQ1R3QcrEctUvHxt0vyb4TX%2BdgE2KbeLe%2F9A5iAGY4IsprxGNNk9fHEqsVhe3NZ1RuWARWq9CrY%2B22FxgW81"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, immutable, s-maxage=8640000
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 69764d2cddd327bc-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 banner-1.jpg
thehackernews.com/images/-xEQf4RPeHhs/YS85adrOzEI/AAAAAAAA4XQ/xivqoYJZviMU2h2UHbPvyOHysINfmVabACLcBGAsYHQ/s728-e100/ 16 KB
17 KB 46ms
46ms Image
image/jpeg 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-xEQf4RPeHhs/YS85adrOzEI/AAAAAAAA4XQ/xivqoYJZviMU2h2UHbPvyOHysINfmVabACLcBGAsYHQ/s728-e100/banner-1.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e01ddff81ef43d93f47545eb333edda3130c28ec9b62ed8a71100f1cbfd94887

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:path: /images/-xEQf4RPeHhs/YS85adrOzEI/AAAAAAAA4XQ/xivqoYJZviMU2h2UHbPvyOHysINfmVabACLcBGAsYHQ/s728-e100/banner-1.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thehackernews.com
referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:09 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6714
cf-polished: origSize=17378, status=webp_bigger
content-disposition: inline;filename="banner-1.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 16186
x-xss-protection: 0
expires: Fri, 31 Dec 2021 03:11:54 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "ve176"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uxAM7WPOMXmMaut0dLqBOguuomgh1Fw%2BOvDU4%2B1bN7Jc7ilD1jdMiipjPPSU4zVGozPFf0Ys952EJKc5PBtiijreuCv1Ep6sRbHnDOmeCvTBCsVMWQnhDvq7yYofA3kRlfEG"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable
accept-ranges: bytes
cf-ray: 69764d2d1ca12788-PRG
access-control-expose-headers: Content-Length

GET
H3 200 rootkit-malware.jpg
thehackernews.com/images/-dTQPLiZpoMg/YVb9OIUjGuI/AAAAAAAA4a0/RwDpM_rbxoQt9tVL6ckxsSTEfn5nEsmMgCLcBGAsYHQ/s728-e1000/ 27 KB
28 KB 30ms
29ms Image
image/jpeg 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-dTQPLiZpoMg/YVb9OIUjGuI/AAAAAAAA4a0/RwDpM_rbxoQt9tVL6ckxsSTEfn5nEsmMgCLcBGAsYHQ/s728-e1000/rootkit-malware.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

342e6c1168651ef867412d5bc824e72b82cf3b8c9862fb7886a2a15915cebda5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:path: /images/-dTQPLiZpoMg/YVb9OIUjGuI/AAAAAAAA4a0/RwDpM_rbxoQt9tVL6ckxsSTEfn5nEsmMgCLcBGAsYHQ/s728-e1000/rootkit-malware.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thehackernews.com
referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:09 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6533
cf-polished: origSize=31053, status=webp_bigger
content-disposition: inline;filename="rootkit-malware.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 27871
x-xss-protection: 0
expires: Thu, 27 Jun 2024 12:26:16 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "ve1ae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MkMo3CKk4wcXMHP4Y4fr2%2F5GmdI%2Ba%2Fi2VXioTaAhKix0BDY7yo%2BOQjY%2FoKDL06T8lOz6IbHsfymmhDeEb1QKNMrt6FQfBMQJxD67DZiC8OjeyjnGLg%2FkaouJ6AdBw6uauL4n"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable
accept-ranges: bytes
cf-ray: 69764d2d1ca22788-PRG
access-control-expose-headers: Content-Length

GET
H3 200 AVvXsEhkubH_nmuLu7jakDfKmWLy_HRGVOlbULoiUSF2NCFSHmShxAwnAqzpDczBkqHpjYg-fh3_ARoZuBk_YTHMC0Fbj-wo9z9vk3QcqJWslCHegJL3_ym_xUAv1us0DOoIOLGqDoz4I9TzgcqbZtD2WaePO_3S2TBxvsFN2Yv5LMuO3_NA3zmyC4TNa_dh=s728...
thehackernews.com/new-images/img/a/ 68 KB
69 KB 59ms
59ms Image
image/webp 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/a/AVvXsEhkubH_nmuLu7jakDfKmWLy_HRGVOlbULoiUSF2NCFSHmShxAwnAqzpDczBkqHpjYg-fh3_ARoZuBk_YTHMC0Fbj-wo9z9vk3QcqJWslCHegJL3_ym_xUAv1us0DOoIOLGqDoz4I9TzgcqbZtD2WaePO_3S2TBxvsFN2Yv5LMuO3_NA3zmyC4TNa_dh=s728-e1000

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.2.34

Resource Hash

a67aec900303556c78df225e4dbcee27c4cf192663d97bfa17aa97780754ffec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /new-images/img/a/AVvXsEhkubH_nmuLu7jakDfKmWLy_HRGVOlbULoiUSF2NCFSHmShxAwnAqzpDczBkqHpjYg-fh3_ARoZuBk_YTHMC0Fbj-wo9z9vk3QcqJWslCHegJL3_ym_xUAv1us0DOoIOLGqDoz4I9TzgcqbZtD2WaePO_3S2TBxvsFN2Yv5LMuO3_NA3zmyC4TNa_dh=s728-e1000
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thehackernews.com
referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:09 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5852
cf-polished: origFmt=jpeg, origSize=75390
cf-bgj: imgq:100,h2pri
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 69516
last-modified: Fri, 01 Oct 2021 12:37:37 GMT
server: cloudflare
x-powered-by: PHP/7.2.34
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FxHXBFPr%2F6qjK6nwOy%2FkjyqPSwQMbL%2BpUlp74NiEtPx3VGuowx7IBRCfuCQjgC9bJiK2ScADQz3wPeqOtnQidxqrhNoSGrFxeC0tK5v3Ffr1rvKVlsSgxH7OPSqVO9oCsaiW"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 69764d2d2ca62788-PRG
expires: Sun, 31 Oct 2021 12:37:37 GMT

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6a9d65e5bd6eb2447ea57e398e1d30f3c6e2d022ecf195933d161ffed964690

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 103 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 688a1e2444a1171a4cfbc8674c62d53bc663bf35a7825eb3563851e79694411c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a71328300f380217ae0abf7f805052a10a0c196cb241eb97adf9b905e4a48c8a

Request headers

Referer
Origin: https://thehackernews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ 2 KB
2 KB 58ms
6ms Script
application/javascript 184.30.25.225
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx%3D607671%26cmp%3D24935727%26plc%3D292494536%26sid%3D5936378%26dvregion%3D2%26unit%3D300x250
Requested by: Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-225.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 42977b3f1bf3b11d34a40c50c095d65b3ba8631ef4ebb37b950ccd9c401d2181

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 14:15:09 GMT
Content-Encoding: gzip
Last-Modified: Mon, 09 Aug 2021 12:31:26 GMT
Server: Microsoft-IIS/10.0
ETag: "60d09d781a8dd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1338

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ 2 KB
2 KB 58ms
7ms Script
application/javascript 184.30.25.225
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx%3D607671%26cmp%3D24935727%26plc%3D292495514%26sid%3D5936378%26dvregion%3D2%26unit%3D728x90
Requested by: Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-225.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 42977b3f1bf3b11d34a40c50c095d65b3ba8631ef4ebb37b950ccd9c401d2181

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 14:15:09 GMT
Content-Encoding: gzip
Last-Modified: Mon, 09 Aug 2021 12:31:26 GMT
Server: Microsoft-IIS/10.0
ETag: "60d09d781a8dd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1338

GET
H3 200 rocket-loader.min.js Show response
thehackernews.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 50ms
49ms Script
application/javascript 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: thehackernews.com
referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
last-modified: Wed, 29 Sep 2021 11:33:04 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"61544ef0-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2FyPIsDqWdDYsxvvj%2FD8Oafme5rXIK%2BZFIS4nvFGE93WUhte71l80d4V3pgi2%2FfxFEKQMgcNkaLOAIlDHlkDdyeSkBUPu9R%2BW6shqHxMui2EVhnsUP6KtT2GeXVCuJ2WeG58"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
cf-ray: 69764d2d4cc92788-PRG
expires: Sun, 03 Oct 2021 14:15:09 GMT

GET
DATA 200
OK truncated
/ 442 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6795c5c8b9b0aeb87d6663ccd7a71fb9d2f2817fe9b5c2e67bce0d5a5e1309a1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK dvbs_src_internal99.js Show response
cdn.doubleverify.com/ 61 KB
19 KB 6ms
6ms Script
application/javascript 184.30.25.225
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal99.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx%3D607671%26cmp%3D24935727%26plc%3D292494536%26sid%3D5936378%26dvregion%3D2%26unit%3D300x250
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-225.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 158edd2a7562d2b16eadda8fb990eb8d20e53837dd1abdfd2c890fcc0980ede0

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Fri, 01 Oct 2021 14:15:09 GMT
Content-Encoding: gzip
Last-Modified: Mon, 09 Aug 2021 12:31:42 GMT
Server: Microsoft-IIS/10.0
ETag: "08bf9811a8dd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19248

GET
H/1.1 200
OK bst2tv3.html Show response
cdn3.doubleverify.com/ Frame 0DF8 1 KB
1 KB 29ms
7ms Document
text/html 184.30.25.225
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn3.doubleverify.com/bst2tv3.html
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal99.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-225.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 86be5d6a3d661fd3d5d72f254a347dec5c66cad569117f51dad297acba02f558

Request headers

Host: cdn3.doubleverify.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://thehackernews.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Tue, 02 Sep 2014 17:01:36 GMT
Accept-Ranges: bytes
ETag: "01818ecfc6cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 806
Cache-Control: max-age=51382
Date: Fri, 01 Oct 2021 14:15:09 GMT
Connection: keep-alive

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ 1 KB
865 B 99ms
11ms Script
text/javascript 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_556233770736&jsTagObjCallback=__tagObject_callback_556233770736&num=6&ctx=&cmp=&plc=&sid=&advid=&adsrv=&unit=&isdvvid=&uid=556233770736&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&brid=3&brver=93&bridua=3&dup=null&chro=1&hist=2&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&srcurlD=0&ssl=1&refD=0&htmlmsging=1&m1=13&noc=4&fcifrms=1&brh=2&fwc=0&flt=9&fec=385&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=147&eparams=DC4FC%3Dl9EEADTbpTauTauE96924%3C6C%3F6HD%5D4%40%3ETaua_a%60Tau%60_Tau49%3A%3F6D6%5C924%3C6CD%5CFD65%5C%3F6H%5CC%40%40E%3C%3AE%5CE%40%5CDAJ%5D9E%3E%3D&dvp_exetime=10.90&callbackName=__verify_callback_556233770736
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal99.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 169a6ab5b6e8119554cb3bf3143f981078a0164b5b489176aaa85ba393cdbcf6

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
X-DV-Response: 0
Content-Encoding: gzip
Date: Fri, 01 Oct 2021 14:15:09 GMT
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 9/30/2021 2:15:09 PM

GET
H/1.1 200
OK dv-match6.js Show response
cdn.doubleverify.com/ Frame 23F4 4 KB
2 KB 7ms
7ms Script
application/javascript 184.30.25.225
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-match6.js
Requested by: Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-225.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d03755898b05a3d69377bf7da16ccb307e789a0f569b4dbbcb7b29bdecf967c5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 14:15:09 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Mar 2018 04:45:12 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "03c84bdf3b8d31:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=55023
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1935

POST
H/1.1 200
OK bsevent.gif
tps20511.doubleverify.com/ 807 B
1 KB 48ms
7ms Ping
image/gif 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20511.doubleverify.com/bsevent.gif?impid=fabfbb9d80c0482688b07cc3543bf701&dvp_or2=1&cbust=1633097709827293
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal99.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:09 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://thehackernews.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 860
Expires: 9/30/2021 2:15:09 PM

POST
H/1.1 200
OK bsevent.gif
tps20511.doubleverify.com/ 807 B
1 KB 47ms
8ms Ping
image/gif 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20511.doubleverify.com/bsevent.gif?impid=fabfbb9d80c0482688b07cc3543bf701&vfdur=100&cbust=1633097709829139
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal99.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:09 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://thehackernews.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 860
Expires: 9/30/2021 2:15:09 PM

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ 9 KB
5 KB 28ms
7ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal99.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

e12ba31d77c04a9c0c1a461ef0d6b0123cecbd505e00e81486b172a39a27fe77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Fri, 01 Oct 2021 14:09:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 348
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4419
x-xss-protection: 0
last-modified: Wed, 29 Sep 2021 14:05:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-dcm-tag"
expires: Fri, 01 Oct 2021 15:09:21 GMT

GET
H3 200 impl_v79.js Show response
www.googletagservices.com/dcm/ 37 KB
16 KB 22ms
7ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v79.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

44abe3410418a547f3412ba93a94ffdfd1dbadf9c785418af8ef15d7877fa2c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 28 Sep 2021 07:38:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 283016
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15928
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 19:19:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-dcm-tag"
expires: Wed, 28 Sep 2022 07:38:13 GMT

GET
H2 200 B24935727.292494536;dc_ver=79.231;sz=300x250;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=473486474;ord=gyzm5e;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%2... Show response
ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/ 44 KB
22 KB 82ms
42ms Script
text/javascript 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/B24935727.292494536;dc_ver=79.231;sz=300x250;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=473486474;ord=gyzm5e;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html$0;xdt=0;crlt=ubH)xmE-sc;sttr=31;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v79.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

6e96b8b55eb772f1a9dbe316b050f4be392b225be0496943ac25d33ac4141a2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21590
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ 122 KB
37 KB 26ms
25ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/B24935727.292494536;dc_ver=79.231;sz=300x250;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=473486474;ord=gyzm5e;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html$0;xdt=0;crlt=ubH)xmE-sc;sttr=31;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

eb35e2fc6b44a1ba314358847a3ecffb044ac056ff0b374ec17856062cc75ee3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37846
x-xss-protection: 0
server: sffe
etag: "1632957210746890"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Fri, 01 Oct 2021 14:15:09 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210928/r20110914/elements/html/ 8 KB
4 KB 35ms
7ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210928/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

bcb80c86da267703311d2eeb3bdb5af0dedf63589d7d6eee4ed81f4bad7537f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 501
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3143
x-xss-protection: 0
server: cafe
etag: 2416364338287085106
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Oct 2021 14:06:49 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ 0
545 B 60ms
18ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuBXOwgdq-XBkDswmHFqwZlsVBlNC-pFO4sv0pJ_eEHX5dZf_vXWabbePs6hPzGwPa98BVNHM-N2iCvBRlrHtjl3maW-8Ob24WQNdqBKA3UWduImBdowQEw83IdJSeePdd-Eg&sig=Cg0ArKJSzDM0-lFrg76EEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210928.83024&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 01 Oct 2021 14:15:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ 8 KB
4 KB 7ms
6ms Script
application/javascript 184.30.25.225
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=607671&cmp=24935727&sid=5936378&plc=292494536&advid=6141273&adsrv=1&btreg=486197547&btadsrv=doubleclick&crt=144332637&tagtype=display&dvtagver=6.1.src&auevent=__AP1_np_dv_yjc9k9xdqctPA__
Requested by: Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/B24935727.292494536;dc_ver=79.231;sz=300x250;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=473486474;ord=gyzm5e;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html$0;xdt=0;crlt=ubH)xmE-sc;sttr=31;prcl=s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-225.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 15bab76013ea4ae99cd6ee52a984c94c33448ebb948b6f5e016c008696558661

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 14:15:09 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Sep 2021 11:31:01 GMT
Server: Microsoft-IIS/10.0
ETag: "80c822693b3d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3291

GET
H2 200 ca Show response
choices.truste.com/ 28 KB
9 KB 135ms
101ms Script
text/javascript 13.225.87.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=att01&aid=att_hs&cid=24935727_144332637_292494536&js=st0
Requested by: Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/B24935727.292494536;dc_ver=79.231;sz=300x250;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=473486474;ord=gyzm5e;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html$0;xdt=0;crlt=ubH)xmE-sc;sttr=31;prcl=s
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-78.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 3d4c87f9ddb4839b27b91329320691deb97f9292e11b425f0b5fd4f35788738c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:10 GMT
content-encoding: gzip
server: nginx
x-amz-cf-pop: FRA2-C2
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 286eb4b50e0acf373dd03645aee00b7f.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-id: 7n0cxO5UvpX6CEGuFYSFygqD50GkhlMgykL_U39nyo9GwpkVlghFvQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ 41 KB
15 KB 84ms
17ms Script
text/javascript 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 14:19:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86130
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Fri, 30 Sep 2022 14:19:40 GMT

GET
H2 200 I_ABU_AVT_3_STB_MOB_300x250_S_N_EN_NA_ABS_AVT_TenthEdition_NA_NA_01-08_01_MF.jpg
s0.2mdn.net/6141273/ 131 KB
131 KB 75ms
7ms Image
image/jpeg 142.250.185.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/6141273/I_ABU_AVT_3_STB_MOB_300x250_S_N_EN_NA_ABS_AVT_TenthEdition_NA_NA_01-08_01_MF.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f6.1e100.net

Software

sffe /

Resource Hash

c2842ab20cc17cb61e32799c8cff642f37a20a933b12f678628b4666c0311f78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 08:13:54 GMT
x-content-type-options: nosniff
last-modified: Fri, 08 Jan 2021 23:43:35 GMT
server: sffe
age: 21676
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133793
x-xss-protection: 0
expires: Sat, 02 Oct 2021 08:13:54 GMT

GET
H/1.1 200
OK /
d.agkn.com/pixel/2387/ 43 B
669 B 82ms
8ms Image
image/gif 18.192.155.173
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.agkn.com/pixel/2387/?ct=US&st=TX&city=13248&dma=99&zp=&bw=3&che=4099210527&col=24935727,5936378,292494536,486197547,144332637
Requested by: Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.192.155.173 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-155-173.eu-central-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:10 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1

200
OK

firstevent
att.demdex.net/
Redirect Chain

https://att.demdex.net/event?d_event=imp&d_src=127123&d_bu=1020274&d_creative=144332637&d_placement=292494536&d_campaign=24935727&d_site=5936378
https://att.demdex.net/firstevent?d_event=imp&d_src=127123&d_bu=1020274&d_creative=144332637&d_placement=292494536&d_campaign=24935727&d_site=5936378

42 B
945 B

63ms
39ms

Image
image/gif

52.19.186.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://att.demdex.net/firstevent?d_event=imp&d_src=127123&d_bu=1020274&d_creative=144332637&d_placement=292494536&d_campaign=24935727&d_site=5936378

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.19.186.105 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-186-105.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v018-0f3e9ae8e.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: qq27Sp7ERAE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v018-0efdf6442.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: smRjAPCTQMw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://att.demdex.net/firstevent?d_event=imp&d_src=127123&d_bu=1020274&d_creative=144332637&d_placement=292494536&d_campaign=24935727&d_site=5936378
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK bst2tv3.html Show response
cdn3.doubleverify.com/ Frame 4DA3 1 KB
1 KB 7ms
7ms Document
text/html 184.30.25.225
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn3.doubleverify.com/bst2tv3.html
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal99.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-225.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 86be5d6a3d661fd3d5d72f254a347dec5c66cad569117f51dad297acba02f558

Request headers

Host: cdn3.doubleverify.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://thehackernews.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Tue, 02 Sep 2014 17:01:36 GMT
Accept-Ranges: bytes
ETag: "01818ecfc6cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 806
Cache-Control: max-age=51382
Date: Fri, 01 Oct 2021 14:15:09 GMT
Connection: keep-alive

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ 1 KB
866 B 12ms
12ms Script
text/javascript 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_681880276719&jsTagObjCallback=__tagObject_callback_681880276719&num=6&ctx=&cmp=&plc=&sid=&advid=&adsrv=&unit=&isdvvid=&uid=681880276719&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&brid=3&brver=93&bridua=3&dup=null&chro=1&hist=2&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&srcurlD=0&ssl=1&refD=0&htmlmsging=1&m1=13&noc=4&fcifrms=3&brh=2&fwc=0&flt=9&fec=468&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=147&eparams=DC4FC%3Dl9EEADTbpTauTauE96924%3C6C%3F6HD%5D4%40%3ETaua_a%60Tau%60_Tau49%3A%3F6D6%5C924%3C6CD%5CFD65%5C%3F6H%5CC%40%40E%3C%3AE%5CE%40%5CDAJ%5D9E%3E%3D&dvp_exetime=10.90&callbackName=__verify_callback_681880276719
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal99.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e4d79250af590eae0bbb053a067b37cb7cdad99454e785ae15edce9e2ee69fd9

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
X-DV-Response: 0
Content-Encoding: gzip
Date: Fri, 01 Oct 2021 14:15:09 GMT
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 9/30/2021 2:15:09 PM

GET
H/1.1 200
OK dv-match6.js Show response
cdn.doubleverify.com/ Frame C75C 4 KB
2 KB 7ms
6ms Script
application/javascript 184.30.25.225
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-match6.js
Requested by: Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-225.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d03755898b05a3d69377bf7da16ccb307e789a0f569b4dbbcb7b29bdecf967c5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 14:15:10 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Mar 2018 04:45:12 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "03c84bdf3b8d31:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=55022
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1935

POST
H/1.1 200
OK bsevent.gif
tps20520.doubleverify.com/ 807 B
1 KB 57ms
32ms Ping
image/gif 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20520.doubleverify.com/bsevent.gif?impid=c983324068a0441cbf804f2ee0f3f301&vfdur=100&cbust=1633097710056338
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal99.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:09 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://thehackernews.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 860
Expires: 9/30/2021 2:15:10 PM

GET
H3 200 B24935727.292495514;dc_ver=79.231;dc_eid=40004000;sz=728x90;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=2487198672;ord=sc2moe;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnul... Show response
ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/ 44 KB
21 KB 54ms
39ms Script
text/javascript 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/B24935727.292495514;dc_ver=79.231;dc_eid=40004000;sz=728x90;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=2487198672;ord=sc2moe;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html$0;xdt=0;crlt=ubH)xmE-sc;sttr=2;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v79.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

a1010add519c7d91c7c144a0f67a625c8cc92b140879242993e7b94923e67ba1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21909
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dv-measurements1782.js Show response
cdn.doubleverify.com/ Frame 0119 496 KB
90 KB 7ms
7ms Script
application/javascript 184.30.25.225
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1782.js
Requested by: Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-225.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 71b0efc7eb5ba2a2c73064f286ba8ba97367faad8d384a2c1dc47282f3090f29

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 14:15:10 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Sep 2021 07:35:20 GMT
Server: Microsoft-IIS/10.0
ETag: "06c513972b3d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 91709

POST
H/1.1 200
OK bsevent.gif
tps20520.doubleverify.com/ 807 B
1 KB 22ms
22ms Ping
image/gif 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20520.doubleverify.com/bsevent.gif?impid=c983324068a0441cbf804f2ee0f3f301&pltfrm=Linux%20x86_64&dvp_or1=1&cbust=1633097710131375
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal99.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:09 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://thehackernews.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 860
Expires: 9/30/2021 2:15:10 PM

POST
H/1.1 200
OK bsevent.gif
tps20520.doubleverify.com/ 807 B
1 KB 21ms
9ms Ping
image/gif 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20520.doubleverify.com/bsevent.gif?impid=c983324068a0441cbf804f2ee0f3f301&dvp_or2=1&cbust=1633097710131404
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal99.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:09 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://thehackernews.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 860
Expires: 9/30/2021 2:15:10 PM

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ 0
23 B 58ms
32ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 01 Oct 2021 14:15:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E3A4 22 KB
8 KB 28ms
9ms Document
text/html 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thehackernews.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 30 Sep 2021 14:19:40 GMT
expires: Fri, 30 Sep 2022 14:19:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 86130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ 0
23 B 42ms
33ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvOLn106c3L5slD7xM4iia9AlU3D-T6AGM407MK_ST2kUOKa6uOcWSSO-rYk6D8SXGjdvAgUIi2DL0DT_-lnAQvjxB3V_qsn6AE2pckREwHrhenwYO__Rbk-I9wsdrNyq-s0M3yboq9wwSg9NOZfI3Vhepn2RCI8p6m7I1TKX9KkafhIA&sig=Cg0ArKJSzOPVm_XLHQYLEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210928.29001&adurl=

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/B24935727.292495514;dc_ver=79.231;dc_eid=40004000;sz=728x90;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=2487198672;ord=sc2moe;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html$0;xdt=0;crlt=ubH)xmE-sc;sttr=2;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 01 Oct 2021 14:15:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ 8 KB
4 KB 13ms
11ms Script
application/javascript 184.30.25.225
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=607671&cmp=24935727&sid=5936378&plc=292495514&advid=6141273&adsrv=1&btreg=485910716&btadsrv=doubleclick&crt=143061732&tagtype=display&dvtagver=6.1.src&auevent=__AP1_np_dv_yjc9k9xdqctPA__
Requested by: Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/B24935727.292495514;dc_ver=79.231;dc_eid=40004000;sz=728x90;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=2487198672;ord=sc2moe;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html$0;xdt=0;crlt=ubH)xmE-sc;sttr=2;prcl=s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-225.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 15bab76013ea4ae99cd6ee52a984c94c33448ebb948b6f5e016c008696558661

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 14:15:10 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Sep 2021 11:31:01 GMT
Server: Microsoft-IIS/10.0
ETag: "80c822693b3d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3291

GET
H2 200 ca Show response
choices.truste.com/ 28 KB
9 KB 199ms
198ms Script
text/javascript 13.225.87.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=att01&aid=att_hs&cid=24935727_143061732_292495514&js=st0
Requested by: Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/B24935727.292495514;dc_ver=79.231;dc_eid=40004000;sz=728x90;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=2487198672;ord=sc2moe;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html$0;xdt=0;crlt=ubH)xmE-sc;sttr=2;prcl=s
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-78.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: bb1bc784da47581f6855c09b77f77411a88718860718a79b1cbab345a9869c21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:10 GMT
content-encoding: gzip
server: nginx
x-amz-cf-pop: FRA2-C2
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 286eb4b50e0acf373dd03645aee00b7f.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-id: u9lI6JH-AjKQnCXMW_U3EGdavpslt5s2iCPCsU5sTcUsczJGsdb3Kw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 I_ABU_AVT_3_STB_DTP_728x90_S_N_EN_NA_ABS_AVT_ForresterWave_NA_NA_01-01_01_MF.jpg
s0.2mdn.net/6141273/ 61 KB
61 KB 42ms
16ms Image
image/jpeg 142.250.185.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/6141273/I_ABU_AVT_3_STB_DTP_728x90_S_N_EN_NA_ABS_AVT_ForresterWave_NA_NA_01-01_01_MF.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f6.1e100.net

Software

sffe /

Resource Hash

c5d699fefdbb1353ad990ad49626c5f022090b3c956cea7d9c823c68905b948b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 08:24:01 GMT
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 21:55:20 GMT
server: sffe
age: 21069
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62003
x-xss-protection: 0
expires: Sat, 02 Oct 2021 08:24:01 GMT

GET
H/1.1 200
OK /
d.agkn.com/pixel/2387/ 43 B
669 B 14ms
13ms Image
image/gif 18.192.155.173
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.agkn.com/pixel/2387/?ct=US&st=TX&city=13248&dma=99&zp=&bw=3&che=3479980165&col=24935727,5936378,292495514,485910716,143061732
Requested by: Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.192.155.173 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-155-173.eu-central-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:10 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK event
att.demdex.net/ 42 B
945 B 93ms
50ms Image
image/gif 52.19.186.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://att.demdex.net/event?d_event=imp&d_src=127123&d_bu=1020274&d_creative=143061732&d_placement=292495514&d_campaign=24935727&d_site=5936378

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.19.186.105 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-186-105.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v018-0b2a1d0a1.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: H6e9UfPrRnk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6546 22 KB
8 KB 8ms
7ms Document
text/html 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thehackernews.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 30 Sep 2021 14:19:40 GMT
expires: Fri, 30 Sep 2022 14:19:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 86130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 0119 3 KB
2 KB 139ms
12ms Script
text/javascript 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&ttmms=136&ttfrms=38&brid=3&brver=93.0.4577.63&bridua=3&bds=1&tstype=1&eparams=DC4FC%3Dl9EEADTbpTauTauE96924%3C6C%3F6HD%5D4%40%3ETaua_a%60Tau%60_Tau49%3A%3F6D6%5C924%3C6CD%5CFD65%5C%3F6H%5CC%40%40E%3C%3AE%5CE%40%5CDAJ%5D9E%3E%3D&srcurlD=0&aUrlD=0&ssl=https:&dfs=473&ddur=8&uid=1633097710230432&jsCallback=dvCallback_1633097710230550&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F93.0.4577.63%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1782&tgjsver=1782&lvvn=28&m1=13&refD=0&referrer=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&fwc=0&flt=9&fec=490&fcifrms=7&brh=2&sdf=2&dvp_epl=149&noc=4&ctx=607671&cmp=24935727&sid=5936378&plc=292494536&crt=144332637&btreg=486197547&btadsrv=doubleclick&adsrv=1&advid=6141273&tagtype=display&errorURL=https://tps.doubleverify.com/visit.jpg&auevent=__AP1_np_dv_yjc9k9xdqctPA__&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=122519601661.64677&dvp_tukv=562078408.6561797&dvp_uuid=966399033.7501243&dvp_tuid=141824580159
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1782.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 11c02ea0616ce36e0aa72c7b544c43f5b5ddec901bc85c93b31746e8f6425aed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:09 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 9/30/2021 2:15:10 PM

GET
DATA 200
OK truncated
/ 194 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f88754ecdaeedbf69845f3cb4015909beff31f92b173185c075ff8ab40ae3d02

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ 0
23 B 33ms
33ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 01 Oct 2021 14:15:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dv-measurements1782.js Show response
cdn.doubleverify.com/ Frame 1091 496 KB
90 KB 7ms
7ms Script
application/javascript 184.30.25.225
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1782.js
Requested by: Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-225.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 71b0efc7eb5ba2a2c73064f286ba8ba97367faad8d384a2c1dc47282f3090f29

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 14:15:10 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Sep 2021 07:35:20 GMT
Server: Microsoft-IIS/10.0
ETag: "06c513972b3d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 91709

GET
H3 200 AVvXsEh_4OKFhHtGW4mXFwr9ORybbzPIz1gbNppYEraIykWFA-_PjWAA2-OyqQyBdgfdUMVsqghRtHA_i7WbxMhOQ5qyowe9PnaUQIpA4ulj_JDH8hj_AInMpyECi_tl9odOHQfh5rApz7N2ETvMgE_wvYCiUHlku8ww1kBwJzwrlAbXWsPyrjolBE1IkaMF=w72-...
thehackernews.com/new-images/img/a/ 4 KB
4 KB 27ms
27ms Image
image/webp 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/a/AVvXsEh_4OKFhHtGW4mXFwr9ORybbzPIz1gbNppYEraIykWFA-_PjWAA2-OyqQyBdgfdUMVsqghRtHA_i7WbxMhOQ5qyowe9PnaUQIpA4ulj_JDH8hj_AInMpyECi_tl9odOHQfh5rApz7N2ETvMgE_wvYCiUHlku8ww1kBwJzwrlAbXWsPyrjolBE1IkaMF=w72-h72-p-k-no-nu

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.2.34

Resource Hash

06d4f3d0c8ae992e679e554151744fb1893c71221a665bc8afaf7f007d90cb6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /new-images/img/a/AVvXsEh_4OKFhHtGW4mXFwr9ORybbzPIz1gbNppYEraIykWFA-_PjWAA2-OyqQyBdgfdUMVsqghRtHA_i7WbxMhOQ5qyowe9PnaUQIpA4ulj_JDH8hj_AInMpyECi_tl9odOHQfh5rApz7N2ETvMgE_wvYCiUHlku8ww1kBwJzwrlAbXWsPyrjolBE1IkaMF=w72-h72-p-k-no-nu
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thehackernews.com
referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6714
cf-polished: origFmt=jpeg, origSize=3931
cf-bgj: imgq:100,h2pri
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3720
last-modified: Fri, 01 Oct 2021 04:32:52 GMT
server: cloudflare
x-powered-by: PHP/7.2.34
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BX13q4PTA72QUFVYLDNycp0ZNohWfS%2F78YfZYwn0CQ1LhHdN5AD9n%2FCgCOXrSiIMxvtmpjFo6%2BCBqP3V0bSYabNLenptFB2BZlfQ4yGUwyc7gyc19eqlpQ99qHn9c9WTmMN2"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 69764d31ef362788-PRG
expires: Sun, 31 Oct 2021 12:23:16 GMT

GET
H3 200 LftQ-87gh8ukbv8P1dh67h7Vjfro8G7aRn_R6x3uKA4.js Show response
pagead2.googlesyndication.com/bg/ Frame E3A4 35 KB
13 KB 34ms
13ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LftQ-87gh8ukbv8P1dh67h7Vjfro8G7aRn_R6x3uKA4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

2dfb50fbcee087cba46eff0fd5d87aee1ed58dfae8f06eda467fd1eb1dee280e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 07:49:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23149
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13320
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 10:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sat, 01 Oct 2022 07:49:21 GMT

GET
H3 200 LftQ-87gh8ukbv8P1dh67h7Vjfro8G7aRn_R6x3uKA4.js Show response
pagead2.googlesyndication.com/bg/ Frame 6546 35 KB
13 KB 37ms
17ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LftQ-87gh8ukbv8P1dh67h7Vjfro8G7aRn_R6x3uKA4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

2dfb50fbcee087cba46eff0fd5d87aee1ed58dfae8f06eda467fd1eb1dee280e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 07:49:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23149
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13320
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 10:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sat, 01 Oct 2022 07:49:21 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 1091 3 KB
2 KB 10ms
10ms Script
text/javascript 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&ttmms=61&ttfrms=9&brid=3&brver=93.0.4577.63&bridua=3&bds=1&tstype=1&eparams=DC4FC%3Dl9EEADTbpTauTauE96924%3C6C%3F6HD%5D4%40%3ETaua_a%60Tau%60_Tau49%3A%3F6D6%5C924%3C6CD%5CFD65%5C%3F6H%5CC%40%40E%3C%3AE%5CE%40%5CDAJ%5D9E%3E%3D&srcurlD=0&aUrlD=0&ssl=https:&dfs=473&ddur=8&uid=1633097710417828&jsCallback=dvCallback_1633097710418429&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F93.0.4577.63%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1782&tgjsver=1782&lvvn=28&m1=13&refD=0&referrer=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&fwc=0&flt=9&fec=657&fcifrms=8&brh=2&sdf=2&dvp_epl=149&noc=4&ctx=607671&cmp=24935727&sid=5936378&plc=292495514&crt=143061732&btreg=485910716&btadsrv=doubleclick&adsrv=1&advid=6141273&tagtype=display&errorURL=https://tps.doubleverify.com/visit.jpg&auevent=__AP1_np_dv_yjc9k9xdqctPA__&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=122519601661.64677&dvp_tukv=1413678284442.3066&dvp_uuid=559573659311.2369&dvp_tuid=74512840711
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1782.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 9b836cb9ce59305ebf6df9b3df1c342cedeb71dc9fea2e9cb15801f0d79ab714

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:10 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 9/30/2021 2:15:10 PM

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/ 87 KB
28 KB 36ms
19ms Script
application/javascript 104.16.19.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 6197868
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 27964
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-15d95"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eT5T2BLmVFjXn555mXCvqDuJ2Fc8TbluKcyq2AUg8l7%2FzaPcS3TaxYvCW9cG6lktRP3g8Xgv%2B9qY%2BbJ64ww8vP65IFKNQcxOHp1pmgo4mPrRVZuK%2B0C7SJrcU%2Fc0%2BxzPVsxoLxr3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 69764d32db1b68f8-FRA
expires: Wed, 21 Sep 2022 14:15:10 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 35ms
8ms Script
text/javascript 142.250.185.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 5293
date: Fri, 01 Oct 2021 12:46:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Fri, 01 Oct 2021 14:46:57 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 141 KB
49 KB 39ms
38ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

19782a157c92c108b57b13a829d75133ce5b72cdfd55ac826951d7c8e43d6837

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50320
x-xss-protection: 0
server: cafe
etag: 6306091806927938580
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 01 Oct 2021 14:15:10 GMT

GET
H3 200 chrome-update.jpg
thehackernews.com/images/-EBTuV2RF5wo/YU6_b4n3Y4I/AAAAAAAAD5w/Rv4cfNWgTzsitUR4O-m9Hoo5Jsb-IyxJACLcBGAsYHQ/w72-h72-p-k-no-nu/ 3 KB
4 KB 32ms
28ms Image
image/webp 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-EBTuV2RF5wo/YU6_b4n3Y4I/AAAAAAAAD5w/Rv4cfNWgTzsitUR4O-m9Hoo5Jsb-IyxJACLcBGAsYHQ/w72-h72-p-k-no-nu/chrome-update.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

360957a4b009a1e47b5463c6459f9d0b7bfa0fb65e891d1595a737f30aab5759

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:path: /images/-EBTuV2RF5wo/YU6_b4n3Y4I/AAAAAAAAD5w/Rv4cfNWgTzsitUR4O-m9Hoo5Jsb-IyxJACLcBGAsYHQ/w72-h72-p-k-no-nu/chrome-update.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thehackernews.com
referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6714
cf-polished: origFmt=jpeg, origSize=4010
content-disposition: inline; filename="chrome-update.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3222
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:12:47 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vf9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2F0ponweWViTZZRFbF6VXpiKnSppuKjw6hSuV3SmA927KCcAcEIU1zsYGxDGXWoFt8n%2FeVVpghgRfYFfstzlEmM9%2Bl3K9KOs%2F3qoYBdOZEQRn%2FsFYxFFtxX4tx74J%2BmHKgXu"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable
accept-ranges: bytes
cf-ray: 69764d334fe82788-PRG
access-control-expose-headers: Content-Length

GET
H3 200 malware.jpg
thehackernews.com/images/-L2UwHu88leM/YU3GTwPp5oI/AAAAAAAAD5A/1fC54MXfuN4hnm5eqmCsh2ZXjX4dLVnzwCLcBGAsYHQ/w72-h72-p-k-no-nu/ 4 KB
4 KB 46ms
42ms Image
image/jpeg 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-L2UwHu88leM/YU3GTwPp5oI/AAAAAAAAD5A/1fC54MXfuN4hnm5eqmCsh2ZXjX4dLVnzwCLcBGAsYHQ/w72-h72-p-k-no-nu/malware.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b1bc177f3783bc324cc9ac66674d1cee7b284bbadee07daabad007860bff148

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:path: /images/-L2UwHu88leM/YU3GTwPp5oI/AAAAAAAAD5A/1fC54MXfuN4hnm5eqmCsh2ZXjX4dLVnzwCLcBGAsYHQ/w72-h72-p-k-no-nu/malware.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thehackernews.com
referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6714
cf-polished: status=not_needed
content-disposition: inline;filename="malware.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3829
x-xss-protection: 0
expires: Sun, 26 Sep 2021 13:14:07 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vf91"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J0PVl8K%2Bwl0ZvV%2BJI2I5duqCMewsDG1xt23b5ix9B7%2BKw6AFt3IHLi%2FimQRu%2FLRw0QSj%2FTl7dHhbhP46kmpv3Q%2FUjkFxFKA2c1rmTpjmlLaQRO2sSc3KNCOZPoK4t%2FhVPmJe"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable
accept-ranges: bytes
cf-ray: 69764d334fec2788-PRG
access-control-expose-headers: Content-Length

GET
H3 200 android-malware.gif
thehackernews.com/images/-PfHQ5Cv9orM/YVGtye7r3RI/AAAAAAAAD6Q/V5Y2ekvFVPISdjaVaQIHn1nyk3I2qwuTwCLcBGAsYHQ/w72-h72-p-k-no-nu/ 2 KB
3 KB 30ms
26ms Image
image/webp 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-PfHQ5Cv9orM/YVGtye7r3RI/AAAAAAAAD6Q/V5Y2ekvFVPISdjaVaQIHn1nyk3I2qwuTwCLcBGAsYHQ/w72-h72-p-k-no-nu/android-malware.gif

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccfeaa388b28962e6bf1e85e29a1e980e3eb9226bdd3c9774af9949656bda235

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:path: /images/-PfHQ5Cv9orM/YVGtye7r3RI/AAAAAAAAD6Q/V5Y2ekvFVPISdjaVaQIHn1nyk3I2qwuTwCLcBGAsYHQ/w72-h72-p-k-no-nu/android-malware.gif
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thehackernews.com
referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6714
cf-polished: origFmt=gif, origSize=2338
content-disposition: inline; filename="android-malware.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1830
x-xss-protection: 0
expires: Thu, 30 Sep 2021 07:58:55 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vfa5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TISV1A%2Bq3clEmvFBeL5n3PP9wlUtInWb%2FNlYVhYfdd77izklIyYVi%2F3320RlulHpCIfSiZojY7S5kGiTjSIKY6fhgWVOPDntZEevGRD%2FW7qxJvDu88jqwIvDabaq8t3SnGiV"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable
accept-ranges: bytes
cf-ray: 69764d334fed2788-PRG
access-control-expose-headers: Content-Length

GET
H3 200 hacking.jpg
thehackernews.com/images/-Sr0NDpy16eE/YVFhVYhxLLI/AAAAAAAAD54/xbHoVyMnYe4DGBkj7cQDT1jfTjToAu53ACLcBGAsYHQ/w72-h72-p-k-no-nu/ 2 KB
3 KB 34ms
30ms Image
image/webp 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-Sr0NDpy16eE/YVFhVYhxLLI/AAAAAAAAD54/xbHoVyMnYe4DGBkj7cQDT1jfTjToAu53ACLcBGAsYHQ/w72-h72-p-k-no-nu/hacking.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb8b347e511e6140e023bc0e53805c062e3f74bb907c5642cf87302b539b34ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:path: /images/-Sr0NDpy16eE/YVFhVYhxLLI/AAAAAAAAD54/xbHoVyMnYe4DGBkj7cQDT1jfTjToAu53ACLcBGAsYHQ/w72-h72-p-k-no-nu/hacking.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thehackernews.com
referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6714
cf-polished: origFmt=jpeg, origSize=3285
content-disposition: inline; filename="hacking.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2552
x-xss-protection: 0
expires: Fri, 01 Oct 2021 04:00:21 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vf9f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mQM4CnFdOb1aOKM8M1Lxp8Un7tykLhCJytprlF%2FK7B7xyaxsJ%2BLkV4baUwMS0Smq6VK9hiupNatDOlqBmJ1mYewYS5GO3P7fXV3H%2BFQPHurPBGgGVrx8KoXQMnkpuGiUxjD4"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable
accept-ranges: bytes
cf-ray: 69764d334fee2788-PRG
access-control-expose-headers: Content-Length

GET
H3 200 AVvXsEh71rikfMzENrhPmiRTbTEJT4YFFOtbNLIfDKpAAOvNOFlNkg6ikQPKGNBjrEpW4pYaxm2nKzArl6FdUjBzPZV36AF4Adm3jmLFKR7hTlRgIBETR6DGeQ1GCasKScrcmexpGJ4Kbbc63iVP3ck3-1UKc4WwS2lHWX8pHXMrU3oGSw9N5IFq9yElhbWZ=w72-...
thehackernews.com/new-images/img/a/ 3 KB
3 KB 34ms
30ms Image
image/webp 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/a/AVvXsEh71rikfMzENrhPmiRTbTEJT4YFFOtbNLIfDKpAAOvNOFlNkg6ikQPKGNBjrEpW4pYaxm2nKzArl6FdUjBzPZV36AF4Adm3jmLFKR7hTlRgIBETR6DGeQ1GCasKScrcmexpGJ4Kbbc63iVP3ck3-1UKc4WwS2lHWX8pHXMrU3oGSw9N5IFq9yElhbWZ=w72-h72-p-k-no-nu

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.2.34

Resource Hash

fe41434c3751f780d8047e9d41dd140e91ae2932c2eb7763e66c634c678c92b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /new-images/img/a/AVvXsEh71rikfMzENrhPmiRTbTEJT4YFFOtbNLIfDKpAAOvNOFlNkg6ikQPKGNBjrEpW4pYaxm2nKzArl6FdUjBzPZV36AF4Adm3jmLFKR7hTlRgIBETR6DGeQ1GCasKScrcmexpGJ4Kbbc63iVP3ck3-1UKc4WwS2lHWX8pHXMrU3oGSw9N5IFq9yElhbWZ=w72-h72-p-k-no-nu
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thehackernews.com
referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4396
cf-polished: origFmt=jpeg, origSize=2819
cf-bgj: imgq:100,h2pri
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2686
last-modified: Fri, 01 Oct 2021 13:01:54 GMT
server: cloudflare
x-powered-by: PHP/7.2.34
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1TfxoHxaU9IO1FTcpgrr2JK1c1LABrY82Nh5ObpP%2FRv5fW3uoxnwStJggXPEN0TJbH%2FrbiR8ccwCcen%2BFJjFkhqhpTJToJTP66vJV8tttf%2BBlvWmFu6bPlTGDhNj4G%2BH6tiM"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 69764d334fef2788-PRG
expires: Sun, 31 Oct 2021 13:01:53 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 29ms
14ms XHR
text/plain 142.250.185.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1063940948&t=pageview&_s=1&dl=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&dp=%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&ul=en-us&de=UTF-8&dt=Chinese%20Hackers%20Used%20a%20New%20Rootkit%20to%20Spy%20on%20Targeted%20Windows%2010%20Users&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABAAAAAC~&jid=1214663031&gjid=1082067822&cid=1471407265.1633097711&tid=UA-27389293-1&_gid=1117825564.1633097711&_r=1&cd1=2.0&z=2007525644

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/ 255 KB
94 KB 41ms
41ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

89b6b51b096d2a81a4068d05ec7b0b342d60901877dbb9f15cfbd8dab9bf5a4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96633
x-xss-protection: 0
server: cafe
etag: 1357591291879282945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Oct 2021 14:15:10 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210928/r20190131/ Frame 9D67 10 KB
5 KB 41ms
9ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210928/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

8806d9eaf9e8ca89fa2404e8cb66a9fa115e0a0f687ad0dcd91cabce4c2179c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210928/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thehackernews.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUnpP8X_CKdtvVnrvD9eLPUygyRyiGgk880gHDc9sJK1zgs5iVW5Vgmwg26Vxgg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 30 Sep 2021 23:06:38 GMT
expires: Thu, 14 Oct 2021 23:06:38 GMT
content-type: text/html; charset=UTF-8
etag: 297313706323796346
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4617
x-xss-protection: 0
age: 54512
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
462 B 48ms
13ms XHR
text/plain 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-27389293-1&cid=1471407265.1633097711&jid=1214663031&gjid=1082067822&_gid=1117825564.1633097711&_u=YEBAAAAAAAAAAC~&z=1149777305

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 01 Oct 2021 14:15:10 GMT
content-type: text/plain
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rewind-3-300.png
thehackernews.com/images/-SmHk9U6ikBk/YVHUUpxrNfI/AAAAAAAA4ac/xluSCU7878ErhlmIN9mj9pKf9fr3LTBwACLcBGAsYHQ/s300-e100/ 19 KB
20 KB 29ms
26ms Image
image/webp 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-SmHk9U6ikBk/YVHUUpxrNfI/AAAAAAAA4ac/xluSCU7878ErhlmIN9mj9pKf9fr3LTBwACLcBGAsYHQ/s300-e100/rewind-3-300.png

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88c6363b426337d3b9af4cb5cf5cd36212339b4c89967147a8164a6aa4b48327

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:path: /images/-SmHk9U6ikBk/YVHUUpxrNfI/AAAAAAAA4ac/xluSCU7878ErhlmIN9mj9pKf9fr3LTBwACLcBGAsYHQ/s300-e100/rewind-3-300.png
pragma: no-cache
cookie: _ga=GA1.2.1471407265.1633097711; _gid=GA1.2.1117825564.1633097711; _gat=1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thehackernews.com
referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4143
cf-polished: origFmt=png, origSize=23382
content-disposition: inline; filename="rewind-3-300.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 19610
x-xss-protection: 0
expires: Fri, 07 Jan 2022 14:40:20 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "ve1a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2nPPl5xZJWI9KhgBltckFM9lnI%2BlHFD0M44XL3veXNiz3%2FlPryKWw%2Fnk4Vurt2LD8VYfqdTtdtK2QIOlkQtlAfUoMKKohqynkybGEjpoDagk9RuV3%2FiE9zsNyzLkC%2BSCPOc6"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable
accept-ranges: bytes
cf-ray: 69764d34b9092788-PRG
access-control-expose-headers: Content-Length

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
522 B 58ms
34ms Image
image/gif 142.250.186.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-27389293-1&cid=1471407265.1633097711&jid=1214663031&_u=YEBAAAAAAAAAAC~&z=511042613

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 207 B
664 B 73ms
27ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=thehackernews.com&callback=_gfp_s_&client=ca-pub-7983783048239650

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

ca4247c52d48202a8fdea14680bc41a77e95ae2d817320540689e318a5bb37e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 198
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 65ms
27ms Script
application/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=thehackernews.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Oct 2021 14:15:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F1BE 70 KB
27 KB 1256ms
1204ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=2569898456&adf=3546401298&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1633096617&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&flash=0&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633097710700&bpp=6&bdt=1111&idt=187&shv=r20210928&mjsv=m202109240101&ptt=9&saldr=aa&abxe=1&correlator=4029967940569&frm=20&pv=2&ga_vid=1471407265.1633097711&ga_sid=1633097711&ga_hid=1063940948&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062937&oid=3&pvsid=2937400135280403&pem=572&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=sgckFGKcwP&p=https%3A//thehackernews.com&dtd=236

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

2082e7655cb53b228c0da26c2a699269255b62ecc73bc04d3254e5fe534c460d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=2569898456&adf=3546401298&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1633096617&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&flash=0&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633097710700&bpp=6&bdt=1111&idt=187&shv=r20210928&mjsv=m202109240101&ptt=9&saldr=aa&abxe=1&correlator=4029967940569&frm=20&pv=2&ga_vid=1471407265.1633097711&ga_sid=1633097711&ga_hid=1063940948&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062937&oid=3&pvsid=2937400135280403&pem=572&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=sgckFGKcwP&p=https%3A//thehackernews.com&dtd=236
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thehackernews.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUnpP8X_CKdtvVnrvD9eLPUygyRyiGgk880gHDc9sJK1zgs5iVW5Vgmwg26Vxgg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 01 Oct 2021 14:15:12 GMT
server: cafe
content-length: 27438
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 57ms
21ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210928&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

7846a236ce3f32529044be0bce868e60359fc82564a10cd58c2619c46aca8618

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Oct 2021 14:15:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8540
x-xss-protection: 0

GET
H3 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 74ms
72ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

c72976d3b4c427a85952b5cea1ad2efafcc4b2dc6fdd9ef5a505e5e582e62928

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27601
x-xss-protection: 0
server: sffe
etag: "1632957222552500"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Fri, 01 Oct 2021 14:15:11 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8C4E 141 KB
33 KB 1041ms
1040ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&adk=1812271804&adf=3025194257&lmt=1633096617&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633097710721&bpp=2&bdt=1132&idt=274&shv=r20210928&mjsv=m202109240101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&nras=1&correlator=4029967940569&frm=20&pv=1&ga_vid=1471407265.1633097711&ga_sid=1633097711&ga_hid=1063940948&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062937&oid=3&pvsid=2937400135280403&pem=572&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=301

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

cf02890dde7a90c71d5ce4b19767098d52275ce82daaaa98ae57d7ae8ab5a0fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7983783048239650&output=html&adk=1812271804&adf=3025194257&lmt=1633096617&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633097710721&bpp=2&bdt=1132&idt=274&shv=r20210928&mjsv=m202109240101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&nras=1&correlator=4029967940569&frm=20&pv=1&ga_vid=1471407265.1633097711&ga_sid=1633097711&ga_hid=1063940948&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062937&oid=3&pvsid=2937400135280403&pem=572&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=301
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thehackernews.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUnpP8X_CKdtvVnrvD9eLPUygyRyiGgk880gHDc9sJK1zgs5iVW5Vgmwg26Vxgg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 01 Oct 2021 14:15:12 GMT
server: cafe
content-length: 34019
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 36ms
36ms Script
text/javascript 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Fri, 01 Oct 2021 14:15:11 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame BCFB 12 KB
5 KB 8ms
8ms Document
text/html 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thehackernews.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Fri, 01 Oct 2021 13:56:05 GMT
expires: Sat, 01 Oct 2022 13:56:05 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1146
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BCBC 783 B
535 B 35ms
16ms Document
text/html 142.250.186.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f4.1e100.net

Software

GSE /

Resource Hash

423a30716171139b9e5ee1d266d43926da418713a3403af011f72091a24b78b1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-IIK3gIbYVd17HeZpc2PuPg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thehackernews.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 01 Oct 2021 14:15:11 GMT
date: Fri, 01 Oct 2021 14:15:11 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-IIK3gIbYVd17HeZpc2PuPg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ 42 B
64 B 16ms
15ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstK4ZnQQ5R7cE1Ph3cqixVCE29JQ2fTAROzMhRicp_dpyFBIvudae0No9Um6dNNsutXmAyjpcDDOG5x_lnkqhA&sig=Cg0ArKJSzDfrzyidlQUuEAE&id=lidar2&mcvt=1054&p=471,1031,721,1331&mtos=1054,1054,1054,1054,1054&tos=1054,0,0,0,0&v=20210929&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=32&adk=473486474&rs=6&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1633097709515&rpt=621

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ 6 KB
3 KB 193ms
149ms Script
text/javascript 13.224.193.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=att_hs&pid=att01&cid=24935727_144332637_292494536&js=st_1pm&sz=300x250&c=te-a92b
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=att01&aid=att_hs&cid=24935727_143061732_292495514&js=st0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-52.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: bbcabc32ebc509cb24c40c296271f3a101064f212d54a0600f72693ed26c177a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:11 GMT
content-encoding: gzip
server: nginx
x-edge-origin-shield-skipped: 0
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA2-C1
content-length: 2289
x-amz-cf-id: uMYCfmTvg3q97TxHFJO2E8nmnzDl532_Zguyd691PswJ5y_3fbgqSA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ 38 KB
12 KB 53ms
10ms Script
text/javascript 13.224.193.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=att_hs&pid=att01&cid=24935727_144332637_292494536&js=st_2
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=att01&aid=att_hs&cid=24935727_143061732_292495514&js=st0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-52.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: ce02a171fe79c0155c0e09b826d4e6542ab09be711d05cf4d75d569622a9d24c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Sep 2021 14:56:18 GMT
content-encoding: gzip
server: nginx
age: 83933
vary: Accept-Encoding
x-edge-origin-shield-skipped: 0
content-type: text/javascript;charset=UTF-8
via: 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: lhDoVblkDRy6vQHBmuL_bQ2siB4qrulRyiIgxaqcT3b-SSVQ_FxPYA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ 43 B
406 B 145ms
103ms Image
image/gif 13.224.193.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=att_hs&pid=att01&cid=24935727_144332637_292494536&w=300&h=250&c=de9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-52.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:11 GMT
via: 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront)
server: nginx
x-edge-origin-shield-skipped: 0
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA2-C1
content-length: 43
x-amz-cf-id: 2Cp_yBAVi3hwCCcDuem-UcelWQxVComWaDkj0ftSzFJOFFIk8jaOrA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ 6 KB
3 KB 146ms
105ms Script
text/javascript 13.224.193.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=att_hs&pid=att01&cid=24935727_143061732_292495514&js=st_1pm&sz=728x90&c=te-2453
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=att01&aid=att_hs&cid=24935727_143061732_292495514&js=st0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-52.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: db4172957d8a9f359b1e33c5e810377573aad60deab657996d6457af95a70d4e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:11 GMT
content-encoding: gzip
server: nginx
x-edge-origin-shield-skipped: 0
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA2-C1
content-length: 2308
x-amz-cf-id: GWayje1D1hQGAtghXuEyxM90WGGOcyam0V-WtsVkc3fRQ0dE-sRpfw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ 38 KB
12 KB 147ms
107ms Script
text/javascript 13.224.193.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=att_hs&pid=att01&cid=24935727_143061732_292495514&js=st_2
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=att01&aid=att_hs&cid=24935727_143061732_292495514&js=st0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-52.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: ce02a171fe79c0155c0e09b826d4e6542ab09be711d05cf4d75d569622a9d24c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:11 GMT
content-encoding: gzip
server: nginx
x-edge-origin-shield-skipped: 0
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: Fsvre_LlOJ7bF7P8VWdXM5oHdLgvs4g8_vIr87bECI_NHMyHpktilQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ 43 B
406 B 146ms
106ms Image
image/gif 13.224.193.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=att_hs&pid=att01&cid=24935727_143061732_292495514&w=728&h=90&c=2731
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-52.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:11 GMT
via: 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront)
server: nginx
x-edge-origin-shield-skipped: 0
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA2-C1
content-length: 43
x-amz-cf-id: W05SKu08LT9x69qY3Kk7UbOXYyrDnpgpDjc8se7Tz3orhWOwlBfpEA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BCBC 0
0 42ms
42ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210928&jk=2937400135280403&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 LftQ-87gh8ukbv8P1dh67h7Vjfro8G7aRn_R6x3uKA4.js Show response
pagead2.googlesyndication.com/bg/ Frame BCFB 35 KB
13 KB 18ms
17ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LftQ-87gh8ukbv8P1dh67h7Vjfro8G7aRn_R6x3uKA4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

2dfb50fbcee087cba46eff0fd5d87aee1ed58dfae8f06eda467fd1eb1dee280e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 07:49:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13320
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 10:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sat, 01 Oct 2022 07:49:21 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6546 0
20 B 49ms
49ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BvKaq7hdXYb3GBYz77_UPhfC9oA4AAAAAOAHgBAI&bg=!ubqluv7NAAZE-GIIRPg7ACkAdvg8Wr4rO4RxySOZGQQqyaS0hraLmLSQWqr12Tb-fwuiKxix91UitwIAAAM3UgAAAD5oAQeZAr-bsYHNYCI7AUw2HbPj9nQ00lwRB1L_OpzZhvrEOOxCkpaNSzBy4g4j906hHBLV1egYLSm8vc44uuIzSaMhAxKbKygjCzXAaYJKvlg8Sgfuvk5hP68tXIS9o_AO-vsJQ6fLbkSJ0N3AgjpBYLF5G0qQ5Abyu_kkwuj-o7zwffP5qjRVWIuEKlpfMQN1u9MhWXIEC0OLKfrlzjdYnyCn22xXK8lfBbJ8KwqcuOeJFoG5zgSLludOoeMzHB1M0VpGvU5PWfcUTFyLBNVr9Z9kxWgDAlr3kvc3QGl0IvxpVHIq90euso7r5MHOQp2alXztHTU5r6udNJ-BX_5uorqdfaHPlCX1wr8bgH9bKDxbRkxhoiGsMyERa4zN8-cwWQDPSaQwqvyR7cD9D34Sgqix4kCysVgqDuP7QPoytVf6zPXr0vj3cMnm-MegwLjMsJx8GTqkC959XtBPEjGMcxTsTPe1tIz-Vz6aA6bo9TvoxN7f6kI2fSeIm_3J225CtzPYP-rYrvrkLpaVKoHefVYYHsWoIyOlfHUYIx1saISYbA8ymx_JYAlanFHrUSv4kmB46KsLn0opWKASIT44HDMPAlgZB9Ykj-nYqsbBt56bTZGT_RZjNA7s_3n4ZG4LN5s-oRQTQkVqYdY4pWiZHF3XwgX4xiuRyBoJLlS1-GbgPwv0SincZpCU8hk2WxzWLkvnfY9zSqrTMAocR3FXEkIFtMsWE4mCL2Yg7C9-E2sXOUsDQxlVJgasjlFQk8sBSpcSQ2vTJsfnvBhvqnsoNI40F8tiFC8j72-fY5Ae3fejLmY7VTmD1mTonk8Wd8PFrrbKw_Gyj6mypH8gABCKEqdRB2qCVA9nawDj9l7ZLEJhzDZrMoohMsgYTAVmFoz8J9Zsrr5xLiN5I6PxrJktAs1nvv0eKlPoDOLTpHnrqqkce9mD

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E3A4 0
20 B 26ms
25ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BFBMx7RdXYcT6OYbU7_UP9JOhQAAAAAA4AeAEAg&bg=!5-Sl5KDNAAZE-GIIRPg7ACkAdvg8Wtr13KT0mxlH493EWPUjZT1QnBSTRe_X-aUvXyoeGCPHDF98owIAAAOcUgAAACloAQeZAtGQFzh7CGAE3ssECnoMVInl_grqtunu4R3vq7xJBPn4OJCKUQKMMtbtk9shki4XHejpKP-loH5T9EEGqx2-UIWOhA3iE8d_74fkgh5xRYF9KjC2hwIo_cyQConCiYNAwzjbFICxq9k94QSLqcS9m4jxhre2lguimfgSeSZ_j4lRe13RX4Wft_nYZQSA1Z126kR0KejJpB7rOb1bOj2gi-N-hQy1C14nuzG-QJTfg9GIPp0WYWtdi6w4FR-cgkupu0nsrFR_MromLngx4oHj6fXuFsoUCqJbTUZYN9InvPcpw0w8n_8YUb-cPsdmDtvedP4224Gui7Cah6S_hei9cumOYdGgYpXjYOug8NNjzjYOUeixCSl4IsWWrSEegM0VaCcPtdrg4N48GfuJSO8goKxhESO7epVnput1wzVSMrswLjBBzG4xjr8YayRumZtXurUbH-E7GeURVljYg2NwBQLkpH3XMeXvqRrJtismb1bTWKtSpsCk_bF57d1BuZIimPck-td_yqcTo9mR-Ot_7WGdWAUo4ypPSucWMxjGYLHGWhXe6IhOL66I5pJx8QHn2FldrySHhfxMw6iW2qqkTGqyRDNlg__-fxOMUKgEdEs_7I03BncKLBef7GdCc84SCJc7A8HoS24bVPzWQMN6ZdN52SS5KYVCTdxxtNDcaA6bJR5PdilSCSwO4sb0VDT3aN2DlaPWMDznszSM9Vl38cV7IMEzVS2oZaH3xsU-tRge7dgxyJSn_wnjFjnWNpToz-8EcKNTi0d4_0DbjzCxgBffk_TCe8CTQNJh0L7fHNObKVcCKN84LweuXNTKuClSNt8rFvZcfYwwmX4T0uNJPzrCxVmj2hkz0w9JtNAwzu7__sBMs04E8MzOaRZHTMVwPmFp8guQ0DC4cqZivHbxzRFPgGaox6ak66-PVimzUbe7w3ojkEpr7FrHnX43Emc6-pYU

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sec-code.png
thehackernews.com/images/-deh3HUWoqgA/YVXKPqaJZxI/AAAAAAAA4as/8vaF_u8-E9ArXKvXJ8sbs5tGl2E6-ve_ACLcBGAsYHQ/s300-e100/ 19 KB
20 KB 27ms
26ms Image
image/webp 104.26.0.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-deh3HUWoqgA/YVXKPqaJZxI/AAAAAAAA4as/8vaF_u8-E9ArXKvXJ8sbs5tGl2E6-ve_ACLcBGAsYHQ/s300-e100/sec-code.png

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc73f3960948db94fe82140646ec386e0d1e42d16bcdb28e12986df021ef2e7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:path: /images/-deh3HUWoqgA/YVXKPqaJZxI/AAAAAAAA4as/8vaF_u8-E9ArXKvXJ8sbs5tGl2E6-ve_ACLcBGAsYHQ/s300-e100/sec-code.png
pragma: no-cache
cookie: _ga=GA1.2.1471407265.1633097711; _gid=GA1.2.1117825564.1633097711; _gat=1; __gads=ID=4b12e4136468f58e-2215aef77ac9005c:T=1633097710:RT=1633097710:S=ALNI_MZEtohTa1dA1-bkVKQRYF4CK5cPmA
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thehackernews.com
referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6355
cf-polished: origFmt=png, origSize=22243
content-disposition: inline; filename="sec-code.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 19874
x-xss-protection: 0
expires: Sat, 08 Jan 2022 14:34:09 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "ve1ac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7hr4KzN10WjFApA7xh5H4R307ViuX%2BUcTnZTkK2eZaq2ySA486E4IGalSCVlkWFE7lXnxY5YYO2iC1b3fpygwgn0ho8L9AIvMbW2Sq3ZpNWajYwZ6%2BM1WQ0CcB6E8%2BIC7Pvq"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable
accept-ranges: bytes
cf-ray: 69764d399c8f2788-PRG
access-control-expose-headers: Content-Length

GET
H2 200 get
choices.trustarc.com/ Frame 0FFA 287 B
627 B 9ms
7ms Image
image/png 13.224.193.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-52.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: public
date: Mon, 20 Sep 2021 06:27:51 GMT
via: 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront)
server: nginx
age: 978440
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C1
timing-allow-origin: *
content-length: 287
x-amz-cf-id: JVqdnkhHu_j5mmMxJmEs4tiSrKRHI-hXZa-y1l6XH21JlL-j42wyYw==
expires: Wed, 20 Oct 2021 06:27:50 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 0FFA 739 B
1 KB 9ms
7ms Image
image/png 13.224.193.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-full-tr.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-52.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: public
date: Tue, 14 Sep 2021 13:35:20 GMT
via: 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront)
server: nginx
age: 1471191
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C1
timing-allow-origin: *
content-length: 739
x-amz-cf-id: 9xT-AsaJt2_UmIemZ9oCcNb9CDNYdPQtROqlnaVud_9GXKm9K3DEUg==
expires: Thu, 14 Oct 2021 13:35:20 GMT

GET
H2 200 get
choices.trustarc.com/ Frame C154 287 B
626 B 23ms
16ms Image
image/png 13.224.193.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=att_hs&pid=att01&cid=24935727_143061732_292495514&js=st_2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-52.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: public
date: Mon, 20 Sep 2021 06:27:51 GMT
via: 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront)
server: nginx
age: 978440
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C1
timing-allow-origin: *
content-length: 287
x-amz-cf-id: eIwnOfoWlXtftsyNPy07mTeIi-OUbCM2a9EWu6kqdDIA0OgJW42hyA==
expires: Wed, 20 Oct 2021 06:27:50 GMT

GET
H2 200 get
choices.trustarc.com/ Frame C154 739 B
1 KB 23ms
16ms Image
image/png 13.224.193.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-full-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=att_hs&pid=att01&cid=24935727_143061732_292495514&js=st_2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-52.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: public
date: Tue, 14 Sep 2021 13:35:20 GMT
via: 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront)
server: nginx
age: 1471191
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C1
timing-allow-origin: *
content-length: 739
x-amz-cf-id: SQpBI48biu_vy-eCMOwfmRHAergMMO1Sl4Eq5Lf5SSV0UU-vomaCMA==
expires: Thu, 14 Oct 2021 13:35:20 GMT

POST
H/1.1 200
OK bsevent.gif
tps20511.doubleverify.com/ 807 B
1 KB 10ms
8ms Ping
image/gif 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20511.doubleverify.com/bsevent.gif?impid=fabfbb9d80c0482688b07cc3543bf701&pltfrm=Linux%20x86_64&cbust=1633097711837724
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal99.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:11 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://thehackernews.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 860
Expires: 9/30/2021 2:15:11 PM

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 90ms
90ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210928&jk=2937400135280403&bg=!gIOlg8fNAAZE-GIIRPg7ACkAdvg8Wp5eYe2rvzYLf2Yy2Ey5owT4qlGRGKPyLR9z8-QqQxSzlglXyAIAAAFiUgAAABRoAQeZArHQ_YOG2u3ZSsXgPoLx7MCKLKugDTkKnI20PBQMTHjNvbliW3y3tJIcdOHfcrbrj6gvBOpc7Zvms5SXKmor57NlZKrNr5LOJuQpkcVUXI7dCdQ_TlA95U_7POJIRCzUGWKIoufOOiWPFduVvsnWxe_YrzEX_vf9Bt2PWUalrzmwx4GTH4sUpPXktAa9mpD-gxfd7k2gUDWhG4HtQBAG1BAYHJyFXD9ZLs3apt3ZyeMuZU-11PmPrWBw0GJvuF9m88rT06dtceMByz1PRdGGzsujuCyG0mPPAKuJ3MZ3DF0U_PivMQe2VLVsXVpr6lQRnzkkNO8ysQEanLrIQ99EU5DATGIz6lcA9f7YbtHk7xIHzGLkXgzgmxux7uX7IO18jvBHtv-LcDABCVnuej4-PqA9-ToNGCf8-WadI1pmKk4cGTwKZObassVY5MDgQcd2eiVG46hX0utF-T6WgvokvtLiu1LjED8YPTO5qzyu5jEDTW8mn3PiRkn5jYJtaFwVNTehv3O1FLQQ1CJXwhRqWWSwJwEjuUIvdAL-EpZmJAz3ZLE7mcj2O9vYFBNEhakohfMUrxzZmS-o9yagYFLLhLjPj9v3L-A_DiQigUqiI6DawExNFWdKKNiNeMtKzeVrxIyMP1BujGKK355ngiZPyHLxyqptmT9FH8t7Pmc1XBlLuCLtL4Uj-rjhdrwddJe32M3lh-f6VprLQF4WyGP9Qe5aUuPYhN7nR3TB012Rg5WhBv-tMhBTM3_9Xbdojz3sWTLwzFE2I6osNMyAneGZnRTDfNBKvKFUAxOEaH2orLoyQ5xudo7r4KX5qKbwfraKZB_-FoNhzK-Z_nKk3fXgge66y5-Aj2lpU3eOCmUxMoOY2MXG1QkFtIrb8x7MS5oWKTpLWlGYLxKuTgZjGy-kaO0uYQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8C4E 0
20 B 23ms
22ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=39&version=r20210928&sample=0.01

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&adk=1812271804&adf=3025194257&lmt=1633096617&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633097710721&bpp=2&bdt=1132&idt=274&shv=r20210928&mjsv=m202109240101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&nras=1&correlator=4029967940569&frm=20&pv=1&ga_vid=1471407265.1633097711&ga_sid=1633097711&ga_hid=1063940948&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062937&oid=3&pvsid=2937400135280403&pem=572&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=301

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/ 142 KB
51 KB 55ms
54ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/reactive_library_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

03f2160ccb71c5f0fd8655bcaa43faf006ef8665079263678f39f662794611af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52317
x-xss-protection: 0
server: cafe
etag: 4392432695010194293
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Oct 2021 14:15:12 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 90ms
35ms Script
application/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=thehackernews.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Oct 2021 14:15:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/ Frame AA42 10 KB
5 KB 20ms
20ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109240101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

8806d9eaf9e8ca89fa2404e8cb66a9fa115e0a0f687ad0dcd91cabce4c2179c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thehackernews.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUnpP8X_CKdtvVnrvD9eLPUygyRyiGgk880gHDc9sJK1zgs5iVW5Vgmwg26Vxgg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thehackernews.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 01 Oct 2021 00:14:05 GMT
expires: Fri, 15 Oct 2021 00:14:05 GMT
content-type: text/html; charset=UTF-8
etag: 297313706323796346
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4617
x-xss-protection: 0
age: 50467
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 10103269202872240163
tpc.googlesyndication.com/simgad/ Frame F1BE 39 KB
39 KB 11ms
10ms Image
image/png 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10103269202872240163?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkZDIWUVdVuObdSdmwTh8610RVhuA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=2569898456&adf=3546401298&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1633096617&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&flash=0&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633097710700&bpp=6&bdt=1111&idt=187&shv=r20210928&mjsv=m202109240101&ptt=9&saldr=aa&abxe=1&correlator=4029967940569&frm=20&pv=2&ga_vid=1471407265.1633097711&ga_sid=1633097711&ga_hid=1063940948&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062937&oid=3&pvsid=2937400135280403&pem=572&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=sgckFGKcwP&p=https%3A//thehackernews.com&dtd=236

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

sffe /

Resource Hash

eefd49ea99f443961949941d4ea636be5ec755f09ac983d1a2cf4b775c4fc27e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 26 Sep 2021 03:24:03 GMT
x-content-type-options: nosniff
age: 471069
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40335
x-xss-protection: 0
last-modified: Mon, 06 Sep 2021 11:10:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 26 Sep 2022 03:24:03 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/ Frame F1BE 18 KB
7 KB 9ms
9ms Script
text/javascript 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

cafe /

Resource Hash

da48b97b44f32bd333c5ca822e07f0997269db7bbd7e85f514035e02a57624f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:12:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 146
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7607
x-xss-protection: 0
server: cafe
etag: 5036643633216217121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Oct 2021 14:12:46 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame F1BE 3 KB
1 KB 27ms
23ms Script
text/javascript 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

cafe /

Resource Hash

c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:10:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1358
x-xss-protection: 0
server: cafe
etag: 15351394696698642166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Oct 2021 14:10:25 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F1BE 122 KB
37 KB 28ms
26ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

eb35e2fc6b44a1ba314358847a3ecffb044ac056ff0b374ec17856062cc75ee3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37846
x-xss-protection: 0
server: sffe
etag: "1632957210746890"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Fri, 01 Oct 2021 14:15:12 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame F1BE 14 KB
6 KB 26ms
23ms Script
text/javascript 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

cafe /

Resource Hash

4f430df1926f8f2c1211de662c1070de2b98259bfc9bbdd8cf70c7b53d6777cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:11:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 201
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6194
x-xss-protection: 0
server: cafe
etag: 2541472377268313288
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Oct 2021 14:11:51 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame F1BE 27 KB
11 KB 28ms
23ms Script
text/javascript 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

cafe /

Resource Hash

a672e695dab08ffadbea7f0e77f1a723eefff684ae0cdabe2ca3b7a141554c3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 23:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53923
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11096
x-xss-protection: 0
server: cafe
etag: 8885281346021324493
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Oct 2021 23:16:29 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame F1BE 0
0 59ms
54ms Fetch
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CHXuZ7xdXYbKMAZ3Lx_AP4KWC-A-mvZisZaGinczPDpCPqPhnEAEg5_vlG2DJlveM5KSsE6AB7qHTlQPIAQKpAqZIWVojlX4-qAMByAPJBKoEiAJP0JEvH0Rf8QfIQVNiZwES7O9pJTBwSoYbFdrodHt_00ZWmKBSD5AcgFzrioCR5JOPzR0DXVQQZDyxDOY1pW-w0pisFGu5A_3kX-QZ-EgU4yyunWhLA-zvDQjSqDyu-xrew4moapKFH4Ms_5BrR1TZ9DcGZo6xzxv59iVV3JojhEx17W0JQ52-RIrQOt4xtqBUYqABNoceZsEAMJQDoMN84DXie6noat1s3_1ktk_1p3Vo3wr5T1cIMDO-B3GlquMLk4Dk6k6mhyBI3_t9GE3x24IrvPzmFgyIqepprIdFoGfx0-AkiZDOo1j-5tY0z3VLUGaFlfFjcT0-RKftZ9tSV5YLuvYXE4TABIrcy8reA5IFBAgEGAGSBQQIBRgEoAYCgAf63axqqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G9gHAfIHBRDLvIYC0ggHCIBhEAEYX4AKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi03OTgzNzgzMDQ4MjM5NjUwGAA&sigh=8P_k1XCeAo8

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=2569898456&adf=3546401298&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1633096617&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&flash=0&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633097710700&bpp=6&bdt=1111&idt=187&shv=r20210928&mjsv=m202109240101&ptt=9&saldr=aa&abxe=1&correlator=4029967940569&frm=20&pv=2&ga_vid=1471407265.1633097711&ga_sid=1633097711&ga_hid=1063940948&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062937&oid=3&pvsid=2937400135280403&pem=572&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=sgckFGKcwP&p=https%3A//thehackernews.com&dtd=236
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 01 Oct 2021 14:15:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B39A 143 B
163 B 33ms
21ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=2569898456&adf=3546401298&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1633096617&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&flash=0&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633097710700&bpp=6&bdt=1111&idt=187&shv=r20210928&mjsv=m202109240101&ptt=9&saldr=aa&abxe=1&correlator=4029967940569&frm=20&pv=2&ga_vid=1471407265.1633097711&ga_sid=1633097711&ga_hid=1063940948&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062937&oid=3&pvsid=2937400135280403&pem=572&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=sgckFGKcwP&p=https%3A//thehackernews.com&dtd=236
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUnpP8X_CKdtvVnrvD9eLPUygyRyiGgk880gHDc9sJK1zgs5iVW5Vgmwg26Vxgg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=2569898456&adf=3546401298&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1633096617&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&flash=0&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633097710700&bpp=6&bdt=1111&idt=187&shv=r20210928&mjsv=m202109240101&ptt=9&saldr=aa&abxe=1&correlator=4029967940569&frm=20&pv=2&ga_vid=1471407265.1633097711&ga_sid=1633097711&ga_hid=1063940948&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062937&oid=3&pvsid=2937400135280403&pem=572&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=sgckFGKcwP&p=https%3A//thehackernews.com&dtd=236

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 01 Oct 2021 13:34:13 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2459
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 962C 1 KB
749 B 37ms
16ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 01 Oct 2021 08:58:57 GMT
expires: Sat, 02 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 18975
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame F1BE 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f1c81a6e97cd8c3dbde56cd873dc4a99ad0d22806bc64d413afa6ccea10a107c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK event.png
tps20238.doubleverify.com/ Frame 0119 67 B
417 B 85ms
9ms Ping
image/png 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20238.doubleverify.com/event.png?impid=dad28ca55c5247bf8929183d36899f86&gdpr=&gdpr_consent=&dvp_twib=1&dvp_ealrgx=1&dvp_ealmp=1&dvp_ealslr=1&vdur=140&eoid=8&msrjs=1782&pltfrm=Linux%20x86_64&sdf=2&vit=2&isvelg=1&tltms=8&tetms=12&msltms=15&vltms=140&sei=289&vetms=22&engms=1&engisel=1&ttfurm=2251&cbust=1633097712450807
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1782.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:11 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://thehackernews.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 9/30/2021 2:15:12 PM

GET
H2 200 css2
fonts.googleapis.com/ Frame AA42 4 KB
1 KB 45ms
17ms Stylesheet
text/css 142.250.186.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f10.1e100.net

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 13:09:28 GMT
server: ESF
date: Fri, 01 Oct 2021 14:15:12 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Fri, 01 Oct 2021 14:15:12 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame AA42 205 B
764 B 37ms
6ms Image
image/png 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 09:23:58 GMT
x-content-type-options: nosniff
age: 17474
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 01 Oct 2022 09:23:58 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame AA42 604 B
695 B 38ms
7ms Image
image/png 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 10:54:11 GMT
x-content-type-options: nosniff
age: 12061
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 01 Oct 2022 10:54:11 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/elements/html/ Frame AA42 17 KB
8 KB 10ms
9ms Script
text/javascript 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

cafe /

Resource Hash

f0c966edfc6ce40ca892f7e2bc53a95bd27cb94ac8b6fa61fcb30457ff214600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 13:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 970
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7655
x-xss-protection: 0
server: cafe
etag: 17297134792721902632
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Oct 2021 13:59:02 GMT

POST
H/1.1 200
OK event.png
tps20244.doubleverify.com/ Frame 1091 67 B
417 B 60ms
12ms Ping
image/png 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20244.doubleverify.com/event.png?impid=dfc3918a13ae4fba8e713f4512e39bd3&gdpr=&gdpr_consent=&dvp_twib=1&vdur=11&eoid=8&msrjs=1782&pltfrm=Linux%20x86_64&sdf=2&vit=2&isvelg=1&tltms=8&tetms=13&msltms=10&vltms=11&sei=289&vetms=32&engms=1&engisel=1&ttfurm=2063&cbust=1633097712473488
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1782.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:12 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://thehackernews.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 9/30/2021 2:15:12 PM

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 962C
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLlZ1txHfutUNpIP9PGdKFjkAOK1RsVozfNxxO0XxyknNN3bkhqb8Mq1GdaEO2ci7geMTrArUGhEXwhRyXXvXaZgD9Q59Q&google_gid=CAESEHYJpI9mGO1cOnkiySsi9fE&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCPCv3IoGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMbFoxdHhIZnV0VU5wSVA5UEdkS0Zqa0FPSzFSc1ZvemZOeHhPMFh4eWtuTk4zYmtocWI4TXExR2RhRU8yY2k3Z2VNVHJBclVHaEVYd2hSeV...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwME40SmNqWjNqR2lmRGdubzJnZ1duQThvWUE0RmZTZDZKdDdEWVZTaGNocw==&google_push

170 B
188 B

25ms
19ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwME40SmNqWjNqR2lmRGdubzJnZ1duQThvWUE0RmZTZDZKdDdEWVZTaGNocw==&google_push

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 01 Oct 2021 14:15:12 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwME40SmNqWjNqR2lmRGdubzJnZ1duQThvWUE0RmZTZDZKdDdEWVZTaGNocw==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 962C
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEEKNggTdgtC2lcICUOiq8vA&google_cver=1&google_push=AYg5qPL2W9I9p6mDiCjk6WSOxFRJjd0yUH_uVPNa8FaA-n91J0e9I5Hd7kK4owhFsqDaVwtMGHd3KkUvIna2hI8LxxLK4tBFe1g
https://rtb.openx.net/sync/dds?google_gid=CAESEEKNggTdgtC2lcICUOiq8vA&google_cver=1&google_push=AYg5qPL2W9I9p6mDiCjk6WSOxFRJjd0yUH_uVPNa8FaA-n91J0e9I5Hd7kK4owhFsqDaVwtMGHd3KkUvIna2hI8LxxLK4tBFe1g&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPL2W9I9p6mDiCjk6WSOxFRJjd0yUH_uVPNa8FaA-n91J0e9I5Hd7kK4owhFsqDaVwtMGHd3KkUvIna2hI8LxxLK4tBFe1g&google_hm=3ca-YaWJzaIXN9YbYt_kdQ==

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPL2W9I9p6mDiCjk6WSOxFRJjd0yUH_uVPNa8FaA-n91J0e9I5Hd7kK4owhFsqDaVwtMGHd3KkUvIna2hI8LxxLK4tBFe1g&google_hm=3ca-YaWJzaIXN9YbYt_kdQ==

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:12 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPL2W9I9p6mDiCjk6WSOxFRJjd0yUH_uVPNa8FaA-n91J0e9I5Hd7kK4owhFsqDaVwtMGHd3KkUvIna2hI8LxxLK4tBFe1g&google_hm=3ca-YaWJzaIXN9YbYt_kdQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 1gmir3s3q8k39odt5m83lglbhnfgmmpr

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 962C
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Ws1LrD3lQEWPSU7GBzKo7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

25ms
19ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Ws1LrD3lQEWPSU7GBzKo7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLmS5EJLEaUuQ59BdgYMir7VNm5PcpwPQjT18gandBl591SQ3xYLH-WoigGR8z8zQEFyy0PzYG8Z_YQylIsI6zAdwXm3nY

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Ws1LrD3lQEWPSU7GBzKo7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLmS5EJLEaUuQ59BdgYMir7VNm5PcpwPQjT18gandBl591SQ3xYLH-WoigGR8z8zQEFyy0PzYG8Z_YQylIsI6zAdwXm3nY
date: Fri, 01 Oct 2021 14:15:11 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 962C
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEH6eIoYx2jpJqcuRTXaxdUs&google_cver=1&google_push=AYg5qPJ90zyxEyCKlKeGH4AhzCwAr829wdL213-5r_5cOpkNr-WB9eo_1bExC-_zKWQXjzVn5d_...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1U4RzdOT1ItMUEtNE1MMQ==&google_push=AYg5qPJ90zyxEyCKlKeGH4AhzCwAr829wdL213-5r_5cOpkNr-WB9eo_1bExC-_zKWQXjzVn5d_Al57Y8PfutokWhOEXR1Ij6w

170 B
188 B

35ms
19ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1U4RzdOT1ItMUEtNE1MMQ==&google_push=AYg5qPJ90zyxEyCKlKeGH4AhzCwAr829wdL213-5r_5cOpkNr-WB9eo_1bExC-_zKWQXjzVn5d_Al57Y8PfutokWhOEXR1Ij6w

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1U4RzdOT1ItMUEtNE1MMQ==&google_push=AYg5qPJ90zyxEyCKlKeGH4AhzCwAr829wdL213-5r_5cOpkNr-WB9eo_1bExC-_zKWQXjzVn5d_Al57Y8PfutokWhOEXR1Ij6w
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 962C
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5T...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 962C 43 B
296 B 169ms
21ms Image
image/gif 3.9.111.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEAOTpQI6qq5aK9lGaGcerog&google_cver=1&google_push=AYg5qPJzaZ7WnXvXvPeTlyrkCU2h6-Bsf1xxgC6ySBktNY9KA6SmTSbWoi07zqg0XVOOxWQUaFWdtyafikSh_mZxr1vxDM1cnHY
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=2569898456&adf=3546401298&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1633096617&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&flash=0&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633097710700&bpp=6&bdt=1111&idt=187&shv=r20210928&mjsv=m202109240101&ptt=9&saldr=aa&abxe=1&correlator=4029967940569&frm=20&pv=2&ga_vid=1471407265.1633097711&ga_sid=1633097711&ga_hid=1063940948&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062937&oid=3&pvsid=2937400135280403&pem=572&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=sgckFGKcwP&p=https%3A//thehackernews.com&dtd=236
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.111.142 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-111-142.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:12 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 962C 0
44 B 735ms
241ms Image
text/plain 3.115.67.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEAQsNT6c2GneBL9NPGH79tg&google_cver=1&google_push=AYg5qPLZo4OeziC4JgqKg5FIeQipIuNGcyEUMuNK8ruwSEDctILc2A5up4oXiqmQF-IyVH2WPOND_ihPt5DaoMhgWXES7wIclPA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=2569898456&adf=3546401298&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1633096617&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html&flash=0&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633097710700&bpp=6&bdt=1111&idt=187&shv=r20210928&mjsv=m202109240101&ptt=9&saldr=aa&abxe=1&correlator=4029967940569&frm=20&pv=2&ga_vid=1471407265.1633097711&ga_sid=1633097711&ga_hid=1063940948&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062937&oid=3&pvsid=2937400135280403&pem=572&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=sgckFGKcwP&p=https%3A//thehackernews.com&dtd=236
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.115.67.144 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-115-67-144.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:13 GMT
server: awselb/2.0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 962C 0
253 B 61ms
15ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KmsY96BkFeeu4qdp0RcQ6EpJ2EM6CeSVc9mMhn0yHaKZEbvfDF99Q1dMOEILD2UcGDGE4-

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:12 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B39A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

27ms
25ms

Document
text/html

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUnpP8X_CKdtvVnrvD9eLPUygyRyiGgk880gHDc9sJK1zgs5iVW5Vgmwg26Vxgg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 01 Oct 2021 14:15:12 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Fri, 01-Oct-2021 15:15:12 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 01 Oct 2021 14:15:12 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 01 Oct 2021 14:15:12 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 LftQ-87gh8ukbv8P1dh67h7Vjfro8G7aRn_R6x3uKA4.js Show response
pagead2.googlesyndication.com/bg/ Frame 2F22 35 KB
13 KB 20ms
12ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LftQ-87gh8ukbv8P1dh67h7Vjfro8G7aRn_R6x3uKA4.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

2dfb50fbcee087cba46eff0fd5d87aee1ed58dfae8f06eda467fd1eb1dee280e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 07:49:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13320
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 10:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sat, 01 Oct 2022 07:49:21 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame B6C2 3 KB
580 B 35ms
19ms Stylesheet
text/css 142.250.186.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f10.1e100.net

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 12:26:07 GMT
server: ESF
date: Fri, 01 Oct 2021 14:15:12 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Fri, 01 Oct 2021 14:15:12 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame B6C2 1 KB
881 B 7ms
7ms Script
text/javascript 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

cafe /

Resource Hash

2911b334d84ae35bdef7cb396241b38425398b6ae5f91f13a72943e805309ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 852
x-xss-protection: 0
server: cafe
etag: 14170629819630813772
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Oct 2021 14:14:23 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/ Frame B6C2 18 KB
7 KB 11ms
11ms Script
text/javascript 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

cafe /

Resource Hash

da48b97b44f32bd333c5ca822e07f0997269db7bbd7e85f514035e02a57624f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:12:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 146
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7607
x-xss-protection: 0
server: cafe
etag: 5036643633216217121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Oct 2021 14:12:46 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame B6C2 3 KB
1 KB 12ms
11ms Script
text/javascript 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

cafe /

Resource Hash

c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:10:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1358
x-xss-protection: 0
server: cafe
etag: 15351394696698642166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Oct 2021 14:10:25 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B6C2 122 KB
37 KB 25ms
24ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

eb35e2fc6b44a1ba314358847a3ecffb044ac056ff0b374ec17856062cc75ee3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37846
x-xss-protection: 0
server: sffe
etag: "1632957210746890"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Fri, 01 Oct 2021 14:15:12 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame B6C2 14 KB
6 KB 12ms
11ms Script
text/javascript 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

cafe /

Resource Hash

4f430df1926f8f2c1211de662c1070de2b98259bfc9bbdd8cf70c7b53d6777cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:11:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 201
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6194
x-xss-protection: 0
server: cafe
etag: 2541472377268313288
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Oct 2021 14:11:51 GMT

GET
H3 200 a05f1579543550f3e279366fb116adbd.js Show response
www.gstatic.com/mysidia/ Frame B6C2 27 KB
11 KB 26ms
9ms Script
text/javascript 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a05f1579543550f3e279366fb116adbd.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

6cd4fdef93aef355d2c534bc7de3d08d9723234a1b0cf6161652193f34e4f820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 03:59:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123319
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11147
x-xss-protection: 0
last-modified: Tue, 28 Sep 2021 01:21:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Wed, 29 Dec 2021 03:59:53 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4C73 143 B
163 B 20ms
17ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUnpP8X_CKdtvVnrvD9eLPUygyRyiGgk880gHDc9sJK1zgs5iVW5Vgmwg26Vxgg; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 01 Oct 2021 13:34:13 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2459
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1463 1 KB
749 B 15ms
14ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 01 Oct 2021 08:58:57 GMT
expires: Sat, 02 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 18975
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dpixel
cms.quantserve.com/ Frame 1463 35 B
463 B 47ms
14ms Image
image/gif 91.228.74.133
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPNRD4GDd17tJRPXnQ0QbNw&google_cver=1&google_push=AYg5qPI_g4tf23kbfbzPufcc8YHB7gMJjipqHUCbFtvgGSqd2hLgrZaKADDz3gG5SgTxYskx9DASjEu3ENIgEhNKCpsyzIDkaKKL

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.133 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:12 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1463
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLlZq9JjU55iV1FjhMlzNylj4B1ZRMjoSz92ar...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVZjWDhBQUFCWXJ6aDJxag&google_push=AYg5qPLlZq9JjU55iV1FjhMlzNylj4B1ZRMjoSz92arZieuFiblREOLopxTF3Tc9Fa6SlPsQFqbPFKdW2I-N0J9Gmdgk-lnqnTlZ

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVZjWDhBQUFCWXJ6aDJxag&google_push=AYg5qPLlZq9JjU55iV1FjhMlzNylj4B1ZRMjoSz92arZieuFiblREOLopxTF3Tc9Fa6SlPsQFqbPFKdW2I-N0J9Gmdgk-lnqnTlZ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVZjWDhBQUFCWXJ6aDJxag&google_push=AYg5qPLlZq9JjU55iV1FjhMlzNylj4B1ZRMjoSz92arZieuFiblREOLopxTF3Tc9Fa6SlPsQFqbPFKdW2I-N0J9Gmdgk-lnqnTlZ
Date: Fri, 01 Oct 2021 14:15:12 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1463
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKAKFtK...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKAKFtK...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMDExNDE1MTMwMDAxNjE5NzE3OTU4MQ%3D%3D&google_push=AYg5qPKAKFtKr06L93gO5ZMm8-UTUDt_Z3irJ6cvRyTwqdU2yhuQ4MUxOEzpCstdvzD-gX...

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMDExNDE1MTMwMDAxNjE5NzE3OTU4MQ%3D%3D&google_push=AYg5qPKAKFtKr06L93gO5ZMm8-UTUDt_Z3irJ6cvRyTwqdU2yhuQ4MUxOEzpCstdvzD-gXxhJQNaw1mXo-fe3s1g6F3vaWhI2EWy

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMDExNDE1MTMwMDAxNjE5NzE3OTU4MQ%3D%3D&google_push=AYg5qPKAKFtKr06L93gO5ZMm8-UTUDt_Z3irJ6cvRyTwqdU2yhuQ4MUxOEzpCstdvzD-gXxhJQNaw1mXo-fe3s1g6F3vaWhI2EWy
pragma: no-cache
date: Fri, 01 Oct 2021 14:15:13 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Fri, 01 Oct 2021 14:15:13 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1463
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEEKNggTdgtC2lcICUOiq8vA&google_cver=1&google_push=AYg5qPLky-izvD0NJ2f1QR5F4p4rL4IFYgqbQsLHcQ6Ra-h80WnGahJqvcl2meTURudaNtc8CnqapXjO0yYPDnbDL5BJOmNul-_p
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLky-izvD0NJ2f1QR5F4p4rL4IFYgqbQsLHcQ6Ra-h80WnGahJqvcl2meTURudaNtc8CnqapXjO0yYPDnbDL5BJOmNul-_p&google_hm=3ca-YaWJzaIXN9YbYt_kdQ==

170 B
188 B

19ms
19ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLky-izvD0NJ2f1QR5F4p4rL4IFYgqbQsLHcQ6Ra-h80WnGahJqvcl2meTURudaNtc8CnqapXjO0yYPDnbDL5BJOmNul-_p&google_hm=3ca-YaWJzaIXN9YbYt_kdQ==

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:12 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLky-izvD0NJ2f1QR5F4p4rL4IFYgqbQsLHcQ6Ra-h80WnGahJqvcl2meTURudaNtc8CnqapXjO0yYPDnbDL5BJOmNul-_p&google_hm=3ca-YaWJzaIXN9YbYt_kdQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: uhf6152ks03pbsv0ok49vouu80naiak6

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1463
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Ws1LrD3lQEWPSU7GBzKo7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

20ms
19ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Ws1LrD3lQEWPSU7GBzKo7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPImss3s_oyWNgpCtCllj2nn8o7MUaa4QLceGcxUdUGiH3D_pQbg9aVS204Mso8Rv8rJBazVDRmH9T-7D2waMR79RrV0o_uR

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Ws1LrD3lQEWPSU7GBzKo7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPImss3s_oyWNgpCtCllj2nn8o7MUaa4QLceGcxUdUGiH3D_pQbg9aVS204Mso8Rv8rJBazVDRmH9T-7D2waMR79RrV0o_uR
date: Fri, 01 Oct 2021 14:15:12 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1463
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEH6eIoYx2jpJqcuRTXaxdUs&google_cver=1&google_push=AYg5qPLeD4CeXsfnxCCSDGYxSSSglcic47euXHU9xAqeryJ6MDjH2N3gVYirdKCALNDvzYH4hTE...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1U4RzdOVVgtNi01RTQz&google_push=AYg5qPLeD4CeXsfnxCCSDGYxSSSglcic47euXHU9xAqeryJ6MDjH2N3gVYirdKCALNDvzYH4hTEz3izF5H4b7FdIsv_4Aw0ivUY

170 B
188 B

20ms
20ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1U4RzdOVVgtNi01RTQz&google_push=AYg5qPLeD4CeXsfnxCCSDGYxSSSglcic47euXHU9xAqeryJ6MDjH2N3gVYirdKCALNDvzYH4hTEz3izF5H4b7FdIsv_4Aw0ivUY

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1U4RzdOVVgtNi01RTQz&google_push=AYg5qPLeD4CeXsfnxCCSDGYxSSSglcic47euXHU9xAqeryJ6MDjH2N3gVYirdKCALNDvzYH4hTEz3izF5H4b7FdIsv_4Aw0ivUY
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 1463 0
43 B 444ms
241ms Image
text/plain 3.115.67.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEAQsNT6c2GneBL9NPGH79tg&google_cver=1&google_push=AYg5qPIqBXrBIV-3yhRYOCLcoymFrMSUC7Vpo-65OpnzMKnen-d-Cni4ULxkbMuXMdKwUHpP7gI6Ce-pEe2ghQCaGkzOCseLxkIP
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.115.67.144 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-115-67-144.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:13 GMT
server: awselb/2.0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 1463 0
12 B 18ms
17ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JARqv3duxDXF6tNMgTj5cb5Ybtg3FOV2SGb2XYQgeVmx3w7MApoG8FCN7g7bHTelht54nX

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 14:15:12 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4C73
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

25ms
25ms

Document
text/html

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUnpP8X_CKdtvVnrvD9eLPUygyRyiGgk880gHDc9sJK1zgs5iVW5Vgmwg26Vxgg; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 01 Oct 2021 14:15:12 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Fri, 01-Oct-2021 15:15:12 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 01 Oct 2021 14:15:12 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 01 Oct 2021 14:15:12 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 200
OK event.png
tps20238.doubleverify.com/ Frame 0119 67 B
417 B 11ms
11ms Ping
image/png 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20238.doubleverify.com/event.png?impid=dad28ca55c5247bf8929183d36899f86&gdpr=&gdpr_consent=&msrcanlm=262794&msrcannum=9&eoid=10&ismms=53&isumms=52&isvelg=1&nvr=6&elmtp=6&isbxdms=2270&b11=2514&adhgt=250&adwdth=300&norwdth=300&norhgt=250&engisel=1&vsos=4&dvp_vsosnmr=16&dvp_mvpw=device-width&dvp_mvpis=1&lftb=2514&sftb=2514&msrdp=10&naral=262272&vct=1&vphgt=1200&vpwdth=1600&scrhgt=1200&scrwdth=1600&strp=100&advisonl=true&isiabvms=994&isuiabvms=994&ispmxpms=994&engalms=51&engscrlms=58&dvp_hdnAd=0&dvp_pageEng=true&dvp_dpr=1&cbust=1633097713396417
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1782.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:12 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://thehackernews.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 9/30/2021 2:15:13 PM

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F1BE 42 B
64 B 28ms
28ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvxM_RXZNEfJZtVrty6BdOy4Yrz_VN9D-j43NItZjZzS4d8WAesArjcAkZEEFdh1XXe488-SxxqydX3gUGYJ6PZxJ61ySktoa26Y7GxVMTg0sDo_WE&sai=AMfl-YS_uRHmgMCqIvqzVYnKEzslhqRBZoh2Z8ZN12Ygh-dFdLMSEc_A3J_U2YGJXb3KaFOyRjxcchg9py8SBf_sa5Cf1FBSwVS98rOno48&sig=Cg0ArKJSzBXsh5833jMwEAE&cid=CAASFeRozmVJGM-XP1zKZlosudZSSLhvIw&id=lidar2&mcvt=1000&p=749,1031,999,1331&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210929&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=2569898456&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1633097710942&rpt=1465

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Oct 2021 14:15:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK event.png
tps20244.doubleverify.com/ Frame 1091 67 B
417 B 10ms
10ms Ping
image/png 213.254.244.12
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20244.doubleverify.com/event.png?impid=dfc3918a13ae4fba8e713f4512e39bd3&gdpr=&gdpr_consent=&msrcanlm=714&msrcannum=9&eoid=10&ismms=17&isumms=17&isvelg=1&nvr=2&elmtp=6&isbxdms=2120&b0=2376&adhgt=90&adwdth=728&norwdth=728&norhgt=90&engisel=1&dvp_vsosnmr=1&dvp_mvpw=device-width&dvp_mvpis=1&lftb=2376&sftb=2376&msrdp=6&naral=192&vct=1&vphgt=1200&vpwdth=1600&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&engalms=17&engscrlms=23&dvp_hdnAd=0&dvp_pageEng=true&dvp_dpr=1&cbust=1633097713461383
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1782.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://thehackernews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 01 Oct 2021 14:15:13 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://thehackernews.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 9/30/2021 2:15:13 PM

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c

Verdicts & Comments Add Verdict or Comment

148 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.agkn.com/	1970-01-20 06:23:53	Name: ab Value: 0001%3Ab1fTpBISitwhNt3UGaXbk5gqRw3gnqPL
.doubleclick.net/	1970-01-20 15:09:29	Name: IDE Value: AHWqTUnpP8X_CKdtvVnrvD9eLPUygyRyiGgk880gHDc9sJK1zgs5iVW5Vgmwg26Vxgg
.demdex.net/	1970-01-20 01:57:29	Name: demdex Value: 83674263222122097882183249958398272367
.agkn.com/	1970-01-20 06:23:53	Name: u Value: C\|0EAgo6dRuKOnUbgAAAAABAgAsAQfomgQAAC0BB-gYBAABAAcAAAAAAXx9L___HgAAAAAAWpT6AAAAABFvIJoAAAAACIby5AAAAAAc9mi8AA
.att.demdex.net/	1970-01-20 01:57:29	Name: att Value: 83674263222122097882183249958398272367
.thehackernews.com/	1970-01-20 15:09:29	Name: _ga Value: GA1.2.1471407265.1633097711
.thehackernews.com/	1970-01-19 21:39:44	Name: _gid Value: GA1.2.1117825564.1633097711
.thehackernews.com/	1970-01-19 21:38:17	Name: _gat Value: 1
.thehackernews.com/	1970-01-20 06:59:53	Name: __gads Value: ID=4b12e4136468f58e-2215aef77ac9005c:T=1633097710:RT=1633097710:S=ALNI_MZEtohTa1dA1-bkVKQRYF4CK5cPmA
.casalemedia.com/	1970-01-20 06:23:53	Name: CMID Value: YVcX8CW10.P.-htYgm28nwAA
.casalemedia.com/	1970-01-19 23:47:53	Name: CMPS Value: 3202
.rlcdn.com/	1970-01-20 06:23:53	Name: rlas3 Value: Fc+e/4Vms8j3o0n20eCxU/9N9AMLn0fbcLkhfqhOZ50=
.openx.net/	1970-01-20 06:23:53	Name: i Value: d13c0b04-a588-4b7b-ab95-5244d5e1ed32\|1633097712
.pubmatic.com/	1970-01-19 21:39:44	Name: KTPCACOOKIE Value: YES
.doubleclick.net/	1970-01-19 21:38:21	Name: DSID Value: NO_DATA
.innovid.com/	1970-01-19 23:47:53	Name: uuid Value: 17b0f59a-4485-4a61-acaf-8df3878e5c7d-20211001 10:15:12
.rlcdn.com/	1970-01-19 23:04:41	Name: pxrc Value: CPCv3IoGEgUI6AcQABIGCOndKhAA
.casalemedia.com/	1970-01-19 23:47:53	Name: CMPRO Value: 1118
.casalemedia.com/	1970-01-19 21:39:44	Name: CMST Value: YVcX8GFXF-AA
.pubmatic.com/	1970-01-19 23:47:53	Name: KADUSERCOOKIE Value: 5ACD4BAC-3DE5-4045-8F49-4EC60732A8ED
.quantserve.com/	1970-01-19 23:47:53	Name: d Value: EAwBCQGwJIEA
.quantserve.com/	1970-01-20 07:08:32	Name: mc Value: 615717f0-c66ba-67d4b-d8a83
.e.dlx.addthis.com/	1970-01-20 07:08:32	Name: na_tc Value: Y
.addthis.com/	1970-01-20 07:08:32	Name: na_id Value: 2021100114151300016197179581
.addthis.com/	1970-01-20 07:08:32	Name: na_tc Value: Y
.addthis.com/	1970-01-20 07:08:32	Name: uid Value: 615717f1c04ba65a
.addthis.com/	1970-01-20 07:08:32	Name: ouid Value: 615717f10001c1731049f67c2a0e4d55310b2569f08141cd810f
.dlx.addthis.com/	1970-01-19 22:21:29	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-19 22:21:29	Name: na_sr Value: 20211001
.dlx.addthis.com/	1970-01-19 21:38:17	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-19 22:21:29	Name: na_sc_e Value: 0

21 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://cdn.doubleverify.com/dvbs_src.js?ctx%3D607671%26cmp%3D24935727%26plc%3D292494536%26sid%3D5936378%26dvregion%3D2%26unit%3D300x250(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.doubleverify.com/dvbs_src_internal99.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.doubleverify.com/dvbs_src.js?ctx%3D607671%26cmp%3D24935727%26plc%3D292494536%26sid%3D5936378%26dvregion%3D2%26unit%3D300x250(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.doubleverify.com/dvbs_src_internal99.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.doubleverify.com/dvbs_src_internal99.js(Line 306) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_556233770736&jsTagObjCallback=__tagObject_callback_556233770736&num=6&ctx=&cmp=&plc=&sid=&advid=&adsrv=&unit=&isdvvid=&uid=556233770736&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&brid=3&brver=93&bridua=3&dup=null&chro=1&hist=2&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&srcurlD=0&ssl=1&refD=0&htmlmsging=1&m1=13&noc=4&fcifrms=1&brh=2&fwc=0&flt=9&fec=385&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=147&eparams=DC4FC%3Dl9EEADTbpTauTauE96924%3C6C%3F6HD%5D4%40%3ETaua_a%60Tau%60_Tau49%3A%3F6D6%5C924%3C6CD%5CFD65%5C%3F6H%5CC%40%40E%3C%3AE%5CE%40%5CDAJ%5D9E%3E%3D&dvp_exetime=10.90&callbackName=__verify_callback_556233770736, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.doubleverify.com/dvbs_src_internal99.js(Line 306) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_556233770736&jsTagObjCallback=__tagObject_callback_556233770736&num=6&ctx=&cmp=&plc=&sid=&advid=&adsrv=&unit=&isdvvid=&uid=556233770736&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&brid=3&brver=93&bridua=3&dup=null&chro=1&hist=2&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&srcurlD=0&ssl=1&refD=0&htmlmsging=1&m1=13&noc=4&fcifrms=1&brh=2&fwc=0&flt=9&fec=385&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=147&eparams=DC4FC%3Dl9EEADTbpTauTauE96924%3C6C%3F6HD%5D4%40%3ETaua_a%60Tau%60_Tau49%3A%3F6D6%5C924%3C6CD%5CFD65%5C%3F6H%5CC%40%40E%3C%3AE%5CE%40%5CDAJ%5D9E%3E%3D&dvp_exetime=10.90&callbackName=__verify_callback_556233770736, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.doubleverify.com/dvbs_src_internal99.js(Line 829) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/dcmads.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.doubleverify.com/dvbs_src_internal99.js(Line 829) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/dcmads.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.googletagservices.com/dcm/dcmads.js(Line 16) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/impl_v79.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.googletagservices.com/dcm/dcmads.js(Line 16) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/impl_v79.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.googletagservices.com/dcm/impl_v79.js(Line 66) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/B24935727.292494536;dc_ver=79.231;sz=300x250;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=473486474;ord=gyzm5e;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html$0;xdt=0;crlt=ubH)xmE-sc;sttr=31;prcl=s, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.googletagservices.com/dcm/impl_v79.js(Line 66) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/B24935727.292494536;dc_ver=79.231;sz=300x250;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=473486474;ord=gyzm5e;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html$0;xdt=0;crlt=ubH)xmE-sc;sttr=31;prcl=s, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.doubleverify.com/dvbs_src.js?ctx%3D607671%26cmp%3D24935727%26plc%3D292495514%26sid%3D5936378%26dvregion%3D2%26unit%3D728x90(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.doubleverify.com/dvbs_src_internal99.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.doubleverify.com/dvbs_src.js?ctx%3D607671%26cmp%3D24935727%26plc%3D292495514%26sid%3D5936378%26dvregion%3D2%26unit%3D728x90(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.doubleverify.com/dvbs_src_internal99.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.doubleverify.com/dvbs_src_internal99.js(Line 306) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_681880276719&jsTagObjCallback=__tagObject_callback_681880276719&num=6&ctx=&cmp=&plc=&sid=&advid=&adsrv=&unit=&isdvvid=&uid=681880276719&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&brid=3&brver=93&bridua=3&dup=null&chro=1&hist=2&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&srcurlD=0&ssl=1&refD=0&htmlmsging=1&m1=13&noc=4&fcifrms=3&brh=2&fwc=0&flt=9&fec=468&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=147&eparams=DC4FC%3Dl9EEADTbpTauTauE96924%3C6C%3F6HD%5D4%40%3ETaua_a%60Tau%60_Tau49%3A%3F6D6%5C924%3C6CD%5CFD65%5C%3F6H%5CC%40%40E%3C%3AE%5CE%40%5CDAJ%5D9E%3E%3D&dvp_exetime=10.90&callbackName=__verify_callback_681880276719, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.doubleverify.com/dvbs_src_internal99.js(Line 306) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_681880276719&jsTagObjCallback=__tagObject_callback_681880276719&num=6&ctx=&cmp=&plc=&sid=&advid=&adsrv=&unit=&isdvvid=&uid=681880276719&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&brid=3&brver=93&bridua=3&dup=null&chro=1&hist=2&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&srcurlD=0&ssl=1&refD=0&htmlmsging=1&m1=13&noc=4&fcifrms=3&brh=2&fwc=0&flt=9&fec=468&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=147&eparams=DC4FC%3Dl9EEADTbpTauTauE96924%3C6C%3F6HD%5D4%40%3ETaua_a%60Tau%60_Tau49%3A%3F6D6%5C924%3C6CD%5CFD65%5C%3F6H%5CC%40%40E%3C%3AE%5CE%40%5CDAJ%5D9E%3E%3D&dvp_exetime=10.90&callbackName=__verify_callback_681880276719, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.doubleverify.com/dvbs_src_internal99.js(Line 829) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/dcmads.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.doubleverify.com/dvbs_src_internal99.js(Line 829) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/dcmads.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.googletagservices.com/dcm/dcmads.js(Line 16) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/impl_v79.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.googletagservices.com/dcm/dcmads.js(Line 16) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/impl_v79.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.googletagservices.com/dcm/impl_v79.js(Line 66) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/B24935727.292495514;dc_ver=79.231;dc_eid=40004000;sz=728x90;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=2487198672;ord=sc2moe;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html$0;xdt=0;crlt=ubH)xmE-sc;sttr=2;prcl=s, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.googletagservices.com/dcm/impl_v79.js(Line 66) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ad.doubleclick.net/ddm/adj/N424004.3381407THEHACKERNEWS/B24935727.292495514;dc_ver=79.231;dc_eid=40004000;sz=728x90;u_sd=1;nel=1;u=__AP1_np_dv_yjc9k9xdqctPA__;dc_adk=2487198672;ord=sc2moe;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2021%2F10%2Fchinese-hackers-used-new-rootkit-to-spy.html$0;xdt=0;crlt=ubH)xmE-sc;sttr=2;prcl=s, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVcX8CW10-P-_htYgm28nwAABF4AAAAB&google_cver=1&google_push=AYg5qPIF3uI7JCi-XC1MCPOa1HA5CzE1708_TzTrrCV4XYEPZx8Omn4d_dazx6uUztHuNeSonz5Tj7iFpELOXIuNIIxmSFEfoGY&google_gid=CAESEOSDJpOFFvz4BSoJoRmj41c Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.com
ag.innovid.com
att.demdex.net
cc.adingo.jp
cdn.doubleverify.com
cdn3.doubleverify.com
cdnjs.cloudflare.com
choices.trustarc.com
choices.truste.com
cm.g.doubleclick.net
cms.quantserve.com
d.agkn.com
e.dlx.addthis.com
fonts.googleapis.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
id.rlcdn.com
image6.pubmatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.rubiconproject.com
rtb.openx.net
rtb0.doubleverify.com
s0.2mdn.net
stats.g.doubleclick.net
thehackernews.com
tpc.googlesyndication.com
tps.doubleverify.com
tps20238.doubleverify.com
tps20244.doubleverify.com
tps20511.doubleverify.com
tps20520.doubleverify.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
cm.g.doubleclick.net
104.111.215.191
104.16.19.94
104.26.0.97
13.224.193.52
13.225.87.78
142.250.181.226
142.250.181.227
142.250.184.226
142.250.185.110
142.250.185.134
142.250.185.162
142.250.185.66
142.250.186.129
142.250.186.162
142.250.186.166
142.250.186.170
142.250.186.36
142.250.74.194
172.217.16.130
18.192.155.173
184.30.25.225
185.64.189.115
213.254.244.12
3.115.67.144
3.9.111.142
35.186.253.211
35.244.174.68
52.18.11.109
52.19.186.105
66.102.1.154
69.173.144.139
91.228.74.133
030c41b2b0b75992f3c9ecdacffcdb0facd534c131c4dbe6d7180ddbdf5e8eed
03f2160ccb71c5f0fd8655bcaa43faf006ef8665079263678f39f662794611af
06d4f3d0c8ae992e679e554151744fb1893c71221a665bc8afaf7f007d90cb6c
093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
11c02ea0616ce36e0aa72c7b544c43f5b5ddec901bc85c93b31746e8f6425aed
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
158edd2a7562d2b16eadda8fb990eb8d20e53837dd1abdfd2c890fcc0980ede0
15bab76013ea4ae99cd6ee52a984c94c33448ebb948b6f5e016c008696558661
169a6ab5b6e8119554cb3bf3143f981078a0164b5b489176aaa85ba393cdbcf6
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19782a157c92c108b57b13a829d75133ce5b72cdfd55ac826951d7c8e43d6837
2082e7655cb53b228c0da26c2a699269255b62ecc73bc04d3254e5fe534c460d
2911b334d84ae35bdef7cb396241b38425398b6ae5f91f13a72943e805309ab6
2dfb50fbcee087cba46eff0fd5d87aee1ed58dfae8f06eda467fd1eb1dee280e
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
342e6c1168651ef867412d5bc824e72b82cf3b8c9862fb7886a2a15915cebda5
360957a4b009a1e47b5463c6459f9d0b7bfa0fb65e891d1595a737f30aab5759
3d4c87f9ddb4839b27b91329320691deb97f9292e11b425f0b5fd4f35788738c
3d8ab8467b889847c12c542bee765afc54acbaff1cc91ce3197ab4f2be8f08ff
423a30716171139b9e5ee1d266d43926da418713a3403af011f72091a24b78b1
42977b3f1bf3b11d34a40c50c095d65b3ba8631ef4ebb37b950ccd9c401d2181
44abe3410418a547f3412ba93a94ffdfd1dbadf9c785418af8ef15d7877fa2c8
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f430df1926f8f2c1211de662c1070de2b98259bfc9bbdd8cf70c7b53d6777cd
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
6795c5c8b9b0aeb87d6663ccd7a71fb9d2f2817fe9b5c2e67bce0d5a5e1309a1
688a1e2444a1171a4cfbc8674c62d53bc663bf35a7825eb3563851e79694411c
6cd4fdef93aef355d2c534bc7de3d08d9723234a1b0cf6161652193f34e4f820
6e96b8b55eb772f1a9dbe316b050f4be392b225be0496943ac25d33ac4141a2b
71b0efc7eb5ba2a2c73064f286ba8ba97367faad8d384a2c1dc47282f3090f29
7846a236ce3f32529044be0bce868e60359fc82564a10cd58c2619c46aca8618
78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416
7b1bc177f3783bc324cc9ac66674d1cee7b284bbadee07daabad007860bff148
821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1
86be5d6a3d661fd3d5d72f254a347dec5c66cad569117f51dad297acba02f558
8806d9eaf9e8ca89fa2404e8cb66a9fa115e0a0f687ad0dcd91cabce4c2179c6
88c6363b426337d3b9af4cb5cf5cd36212339b4c89967147a8164a6aa4b48327
89b6b51b096d2a81a4068d05ec7b0b342d60901877dbb9f15cfbd8dab9bf5a4c
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b836cb9ce59305ebf6df9b3df1c342cedeb71dc9fea2e9cb15801f0d79ab714
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1010add519c7d91c7c144a0f67a625c8cc92b140879242993e7b94923e67ba1
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a672e695dab08ffadbea7f0e77f1a723eefff684ae0cdabe2ca3b7a141554c3e
a67aec900303556c78df225e4dbcee27c4cf192663d97bfa17aa97780754ffec
a71328300f380217ae0abf7f805052a10a0c196cb241eb97adf9b905e4a48c8a
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
bb1bc784da47581f6855c09b77f77411a88718860718a79b1cbab345a9869c21
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbcabc32ebc509cb24c40c296271f3a101064f212d54a0600f72693ed26c177a
bcb80c86da267703311d2eeb3bdb5af0dedf63589d7d6eee4ed81f4bad7537f6
c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442
c2842ab20cc17cb61e32799c8cff642f37a20a933b12f678628b4666c0311f78
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4
c5d699fefdbb1353ad990ad49626c5f022090b3c956cea7d9c823c68905b948b
c6a9d65e5bd6eb2447ea57e398e1d30f3c6e2d022ecf195933d161ffed964690
c72976d3b4c427a85952b5cea1ad2efafcc4b2dc6fdd9ef5a505e5e582e62928
ca4247c52d48202a8fdea14680bc41a77e95ae2d817320540689e318a5bb37e9
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
ccfeaa388b28962e6bf1e85e29a1e980e3eb9226bdd3c9774af9949656bda235
ce02a171fe79c0155c0e09b826d4e6542ab09be711d05cf4d75d569622a9d24c
cf02890dde7a90c71d5ce4b19767098d52275ce82daaaa98ae57d7ae8ab5a0fe
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d03755898b05a3d69377bf7da16ccb307e789a0f569b4dbbcb7b29bdecf967c5
da48b97b44f32bd333c5ca822e07f0997269db7bbd7e85f514035e02a57624f7
db4172957d8a9f359b1e33c5e810377573aad60deab657996d6457af95a70d4e
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e01ddff81ef43d93f47545eb333edda3130c28ec9b62ed8a71100f1cbfd94887
e12ba31d77c04a9c0c1a461ef0d6b0123cecbd505e00e81486b172a39a27fe77
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4d79250af590eae0bbb053a067b37cb7cdad99454e785ae15edce9e2ee69fd9
eb35e2fc6b44a1ba314358847a3ecffb044ac056ff0b374ec17856062cc75ee3
ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a
eefd49ea99f443961949941d4ea636be5ec755f09ac983d1a2cf4b775c4fc27e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c966edfc6ce40ca892f7e2bc53a95bd27cb94ac8b6fa61fcb30457ff214600
f1c81a6e97cd8c3dbde56cd873dc4a99ad0d22806bc64d413afa6ccea10a107c
f88754ecdaeedbf69845f3cb4015909beff31f92b173185c075ff8ab40ae3d02
fb8b347e511e6140e023bc0e53805c062e3f74bb907c5642cf87302b539b34ea
fc73f3960948db94fe82140646ec386e0d1e42d16bcdb28e12986df021ef2e7d
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fe41434c3751f780d8047e9d41dd140e91ae2932c2eb7763e66c634c678c92b9

thehackernews.com Open in urlscan Pro 104.26.0.97 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

141 Requests

99 %HTTPS

0 %IPv6

25 Domains

38 Subdomains

27 IPs

6 Countries

1492 kBTransfer

3758 kBSize

31 Cookies

39 Outgoing links

Redirected requests

141 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

thehackernews.com Open in urlscan Pro
104.26.0.97 Public Scan

Screenshot
Live screenshot

Full Image

141
Requests

99 %
HTTPS

0 %
IPv6

25
Domains

38
Subdomains

27
IPs

6
Countries

1492 kB
Transfer

3758 kB
Size

31
Cookies

141 HTTP transactions
7 data transactions